On Wednesday, July 23, 2025 11:47:16 AM Mountain Standard Time Soren Stoutner wrote: > On Tuesday, July 22, 2025 1:05:44 AM Mountain Standard Time Salvatore > > Bonaccorso wrote: > > - you can try to reach out to courier upstream to get a public answer > > > > referenceable on the fix for CVE-2004-2313 which we can use as > > proof. > > That is reasonable. I have a fairly good working relationship with upstream. > I have opened the following issue requesting verification that neither of > these CVEs affect the current version of SqWebMail: > > https://github.com/svarshavchik/courier/issues/61 The upstream maintainer is confident that neither of these vulnerabilities affect current versions of the SqWebMail and haven’t done so since 2004 at the latest. Details are in the upstream link above. -- Soren Stoutner soren@debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part.