[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [pkg-horde] imp4 update for CVE-2010-0463 in stable

On Sat, Jul 10, 2010 at 06:09:50PM +0100, Adam D. Barratt wrote:
> 
> That diff appears to contain two sets of changes.
> 
> The first set are for a -lenny1 upload dated August 2009, reverting some
> changes made in a previous upload and with stable-security in the
> changlog. However, I can't see any sign of that upload on security.d.o and
> the changes weren't mentioned in your message.
> 
> If the changes for the fix for CVE-2010-0463 are those I suspect then they
> should be ok on their own but it's not entirely obvious from the diff.

There is two diffs:

* Fix errors in last security fix by upstream:
http://git.debian.org/?p=pkg-horde/imp4.git;a=commitdiff;h=a99ee22b3c53aa7ff537ee1f9fa4dc6d2e28e8e3

* Fix by upstream for CVE-2010-0463:
http://git.debian.org/?p=pkg-horde/imp4.git;a=commitdiff;h=881658ab0a535d11859086d10f91701a6380998c

from my point of view, this two diff are candidates for stable-proposed-updates.

Regards,
-- 
Gregory Colpart <reg@evolix.fr>  GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
Reply to: