[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: proposed update for CVE-2010-2494 in lenny

On Fri, 2010-10-01 at 23:53 +0200, Serafeim Zanikolas wrote:

+bogofilter (1.1.7-1+lenny1) stable; urgency=high
+  * Apply patch from Julius Plenz <plenz@cis.fu-berlin.de> to prevent possible
+    heap corruption due to a bug in the base64_decode function (CVE-2010-2494,
+    aka bogofilter-SA-2010-01). Setting urgency=high, but uploading to stable
+    because the issue does not warrant a DSA. closes: #588090.

This looks fine, thanks.

+  * Build-Depend on quilt

This, otoh, is not.  For a stable update, adding, removing or changing
patch systems is not appropriate.  Please apply the changes directly to
the source and send us an updated debdiff for final approval.



Reply to: