
Bug#944348: buster-pu: package schleuder/3.4.0-2+deb10u1



Control: tag -1 confirmed

On Fri, Nov 08, 2019 at 10:57:51AM +0000, Georg Faerber wrote:
> Schleuder in buster is affected by various problems, which I would like to fix
> with this proposed update:
> 
>   - Schleuder fails to recognize keywords in mails with "protected headers" and
>     empty subject. 
>     (Ref: #940524)
> 
>   - Schleuder is vulnerable to signature-flooded keys. GPG does not cope well
>     with these keys. It will either refuse to import them, or during and after
>     the import become so slow as to be effectively unusable (while hogging CPUs).
>     By default keys are regularly updated from the keyservers (in order to
>     receive extended expiry dates, or key revocations). Any list with an
>     attacked key in its keyring will become practically unusable and strain the
>     server. This is a rather severe problem.
>     (Ref: #940526)
> 
>   - Schleuder doesn't report an error if the argument provided to
>     `refresh_keys` is not an existing list, as if the job ran successfully.
>     (Ref: #940527)
> 
> All of them are already fixed in unstable. The proposed version is in
> use and was tested in production for the last two weeks.
> 
That looks fine to me.  Go ahead.

Cheers,
Julien

