Re: proposed update for CVE-2010-2494 in lenny

To: Serafeim Zanikolas <sez@debian.org>
Cc: debian-release@lists.debian.org
Subject: Re: proposed update for CVE-2010-2494 in lenny
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sun, 03 Oct 2010 12:25:11 +0100
Message-id: <[🔎] 1286105111.6044.46.camel@hathi.jungle.funky-badger.org>
In-reply-to: <[🔎] 20101001215307.GB2810@mobee>
References: <[🔎] 20101001215307.GB2810@mobee>

On Fri, 2010-10-01 at 23:53 +0200, Serafeim Zanikolas wrote:

+bogofilter (1.1.7-1+lenny1) stable; urgency=high
+
+  * Apply patch from Julius Plenz <plenz@cis.fu-berlin.de> to prevent possible
+    heap corruption due to a bug in the base64_decode function (CVE-2010-2494,
+    aka bogofilter-SA-2010-01). Setting urgency=high, but uploading to stable
+    because the issue does not warrant a DSA. closes: #588090.

This looks fine, thanks.

+  * Build-Depend on quilt

This, otoh, is not.  For a stable update, adding, removing or changing
patch systems is not appropriate.  Please apply the changes directly to
the source and send us an updated debdiff for final approval.

Regards,

Adam

Reply to:

Follow-Ups:
- Re: proposed update for CVE-2010-2494 in lenny
  - From: Serafeim Zanikolas <sez@debian.org>

References:
- proposed update for CVE-2010-2494 in lenny
  - From: Serafeim Zanikolas <sez@debian.org>

Prev by Date: Bug#598856: unblock: xserver-xorg-video-intel/2:2.12.0+shadow-2
Next by Date: Re: Freeze exception quassel 0.7.1-1
Previous by thread: proposed update for CVE-2010-2494 in lenny
Next by thread: Re: proposed update for CVE-2010-2494 in lenny
Index(es):
- Date
- Thread