Re: proposed update for CVE-2010-2494 in lenny
On Fri, 2010-10-01 at 23:53 +0200, Serafeim Zanikolas wrote:
+bogofilter (1.1.7-1+lenny1) stable; urgency=high
+ * Apply patch from Julius Plenz <firstname.lastname@example.org> to prevent possible
+ heap corruption due to a bug in the base64_decode function (CVE-2010-2494,
+ aka bogofilter-SA-2010-01). Setting urgency=high, but uploading to stable
+ because the issue does not warrant a DSA. closes: #588090.
This looks fine, thanks.
+ * Build-Depend on quilt
This, otoh, is not. For a stable update, adding, removing or changing
patch systems is not appropriate. Please apply the changes directly to
the source and send us an updated debdiff for final approval.