On Sat, 30 Jul 2005, Bruce Dubbs wrote: > Ken Moffat wrote: > > > Bruce, I take it you're going to ignore 1485 that I raised yesterday ? > > > > And still on the subject of security, it appears that fetchmail is now > > being maintained from http://fetchmail.berlios.de who have a 6.2.5.2 > > release to address CAN-2005-2335. See e.g. > > http://www.securityfocus.com/archive/1/406497/30/60/threaded > > > > No doubt there are other known vulnerabilities in the book, but in the > > absence of a list of packages/status I'm *slowly* trying to review them. > > I'm sorry this doesn't fit nicely with preparation for a release, but > > that is the nature of vulnerabilities. > > When I wrote the parent, I was only looking at the 6.1 targeted bugs. > 1485 still is marked future. It is also marked P2 but should be P1 due > the security issues. >
I'm not an editor, as far as I know I can't set either of those fields in bugzilla (and you really don't want joe random.user playing with targets and priorities). Maybe my fault for filing it against 6.1 ? > This is currently a CMMI package. Does the new version change this? If > not, there is no reason why it can't be put into 6.1. > > -- Bruce > AFAIK, it's still CMMI. I can give it a go later tonight. As to fetchmail, I'll definitely be building that when I get back to my main box (but on a base LFS so old you really don't want to know). But it rather looks as if it may have been forked (esr's site still shows 6.2.0 as latest, but the URI in my previous post talks of development versions as well as the stable, and mentions a mailing list), which raises the question of whether the editors want to follow it. Do you want me to BZ it ? Ken -- das eine Mal als Tragödie, das andere Mal als Farce -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
