[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Please update courier security tracker information



The security tracker for courier list two pieces of inaccurate information.

https://security-tracker.debian.org/tracker/source-package/courier

1.  CVE-2004-2313 was fixed in Debian a long time ago.  I think this was not 
auto-detected because SqWebMail uses a different version numbering scheme than 
the source package it is built from.  CVE-2004-2313 affected SqWebMail 3.4.1 
through 3.6.1.  The current version in Debian is 6.2.9+1.4.1-2.

https://packages.debian.org/unstable/sqwebmail

2.  It is unclear if CVE-2005-1308 was ever actually a security bug.  The 
Debian bug report doesn’t think so.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307575

The CVE submission doesn’t list any vulnerable or fixed versions, and all the 
links on the CVE are either dead or unuseful.

https://www.cve.org/CVERecord?id=CVE-2005-1308

-- 
Soren Stoutner
soren@debian.org

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: