Re: mailscanner stable update for CVE-2008-5312 CVE-2008-5313
Hi
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for mailscanner some time ago.
>
> CVE-2008-5312[0]:
> CVE-2008-5313[1]:
>
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian stable. It does
> not warrant a DSA.
>
> However it would be nice if this could get fixed via a regular point
> update[2].
> Please contact the release team for this.
>
> For further information:
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5312
> [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5313
> [2] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable
Mailscanner has been removed from lenny because of this. See [0].
The bug is fixed in testing and unstable.
Current plans are to put MailScanner into backports.
I don't think there is any point fixing[0] in oldstable. Backporting
upstreams-fix to such an old version would involve a great deal of changes
without getting it secure, because a email-spam/virus-scanner is very
volatile.
--
Regards
Simon
[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353
Reply to: