[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 900-1] New fetchmail packages fix potential information leak



Am Freitag, den 18.11.2005, 08:55 +0100 schrieb Martin Schulze:

Hello,

> Debian Security Advisory DSA 900-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> November 18th, 2005                        http://www.debian.org/security/faq
> 
> Package        : fetchmail
> Vulnerability  : programming error
> Problem type   : local
> Debian-specific: no
> CVE ID         : CVE-2005-3088
> Debian Bug     : 336096

> For the old stable distribution (woody) this problem has been fixed in
> version 5.9.11-6.3.
> 
> For the stable distribution (sarge) this problem has been fixed in
> version 6.2.5-12sarge3.

There is a problem with this update in woody (in sarge and later
fetchmail-ssl is a dummy package) because the fetchmail-ssl package
depends on "fetchmail-common (= 5.9.11-6.2)".

Is this known and will be fixed soon?

Thank you.

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: