Re: Please update courier security tracker information

To: Moritz Mühlenhoff <jmm@inutil.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: Please update courier security tracker information
From: Soren Stoutner <soren@debian.org>
Date: Mon, 25 Aug 2025 17:56:10 -0700
Message-id: <[🔎] 1894834.QZUTf85G27@soren-desktop>
In-reply-to: <aKiRaEMCJQgtUp--@inutil.org>
References: <1914501.R1toDxpfAE@soren-desktop> <[🔎] 3298597.5fSG56mABF@soren-desktop> <aKiRaEMCJQgtUp--@inutil.org>

On Friday, August 22, 2025 8:48:56 AM Mountain Standard Time Moritz Mühlenhoff wrote:

> Thanks for folllowing up. I've used 0.44.2-1 as the fixed version given that

> sqwebmail 3.6.1 was released 2003-10-30 and 0.44.2 was the following release

> uploaded to sid.

Thank you for doing that.

How do you propose we deal with CVE-2005-1308, which was a false positive and was never actually a security vulnerability in Courier?

Soren Stoutner

soren@debian.org

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Re: Please update courier security tracker information
  - From: Salvatore Bonaccorso <carnil@debian.org>

References:
- Re: Please update courier security tracker information
  - From: Soren Stoutner <soren@debian.org>