Hello Lucas, On Fri, Jul 29, 2005 at 05:22:17PM -0300, Lucas Wall wrote: > Helge Kreutzmann wrote, On 29/07/05 13:30: > > Well, I don't think so. I read in your changelog: > > - new upstream patch because of security issue CAN-2005-2335 > > > > There is no mention of a bug in the BTS here (no closes#). The machine > > I reported from is a woody without fetchmail. But I think you can add > > the proper version in retrorespect as well? > > I was takling about this: > > http://lists.debian.org/debian-devel-announce/2005/07/msg00010.html > > And the original changelog entry is in version 6.2.5-15 > > - fixed buffer overrun in pop3 UIDs handling CAN-2005-2335 > http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt > (closes: #212762) > > Upstream made a second (better) patch and we applied it on version > 6.2.5-16 (the changelog entry you quoted).
Sorry, I did not see the earlier entry. I went reverse in history and
saw that entry without a bug number, hence I assumed that you took the
fix directly from upstream without a Debian BTS entry.
Please handle this bug appropriately (I am not sure exactly what the
proper way is using the version tracking).
Thanks for maintaining fetchmail.
Greetings
Helge
--
Dr. Helge Kreutzmann, Dipl.-Phys. [EMAIL PROTECTED]
gpg signed mail preferred
64bit GNU powered http://www.itp.uni-hannover.de/~kreutzm
Help keep free software "libre": http://www.ffii.de/
pgphRaGmMizx6.pgp
Description: PGP signature
