Re: proposed update for CVE-2010-2494 in lenny
On Fri, 2010-10-01 at 23:53 +0200, Serafeim Zanikolas wrote:
+bogofilter (1.1.7-1+lenny1) stable; urgency=high
+
+ * Apply patch from Julius Plenz <plenz@cis.fu-berlin.de> to prevent possible
+ heap corruption due to a bug in the base64_decode function (CVE-2010-2494,
+ aka bogofilter-SA-2010-01). Setting urgency=high, but uploading to stable
+ because the issue does not warrant a DSA. closes: #588090.
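Review bot: the first changelog bullet says only that the patch prevents "possible heap corruption due to a bug in the base64_decode function" and does not say what the bug is or what the patch changes. A few words on the nature of the fix would let a reader of the stable changelog judge the change without opening the patch. The sentence "Setting urgency=high, but uploading to stable because the issue does not warrant a DSA" explains the upload routing rather than the change and could be shortened.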
This looks fine, thanks.
+ * Build-Depend on quilt
This, otoh, is not. For a stable update, adding, removing or changing
patch systems is not appropriate. Please apply the changes directly to
the source and send us an updated debdiff for final approval.
Regards,
Adam