The security tracker for courier list two pieces of inaccurate information. https://security-tracker.debian.org/tracker/source-package/courier 1. CVE-2004-2313 was fixed in Debian a long time ago. I think this was not auto-detected because SqWebMail uses a different version numbering scheme than the source package it is built from. CVE-2004-2313 affected SqWebMail 3.4.1 through 3.6.1. The current version in Debian is 6.2.9+1.4.1-2. https://packages.debian.org/unstable/sqwebmail 2. It is unclear if CVE-2005-1308 was ever actually a security bug. The Debian bug report doesn’t think so. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307575 The CVE submission doesn’t list any vulnerable or fixed versions, and all the links on the CVE are either dead or unuseful. https://www.cve.org/CVERecord?id=CVE-2005-1308 -- Soren Stoutner soren@debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part.