Thijs Kinkhorst wrote:
> Version: 2.3.8-2etch1

Ah, thank you.

>> Justification: introduces a security hole on systems where you install
>> the packages
>
> Huh? Have you read the author's announcement? It does no such thing on Debian
> systems - it only introduces a local security hole on systems where you
> (quite specifically) change the shipped configuration.

Sure I read it. That's why I forwarded it to you.

> The issue is now fixed in all distributions, so no need to argue over
> severity - I'm rather closing this bug.

FACK

> But in the future please be more
> careful when making statements about the impact of vulnerabilities.

Please help me understand how you would have preferred me to report this, so next time I can do it right. From what I understand, security holes are critical or grave bugs, depending on whether a local account or the system are affected (can possibly be modified/compromised). In this case, it is the whole system, provided that the mail system is configured in a specific way, because not only a user using postfix may be affected, but also files belonging to other users or root.

Why does this not justify critical? Would you really believe that grave would be more appropriate? Why?

-- 
Kevin Price
http://www.kevin-price.de/