On Mon, Nov 14, 2005, Nico Golde wrote: > What do you think exactly? The changes from 6.2.5.2 fixed > CVE-2005-2335, Steve Kemp prepared the fixed package. > But you are right it seems that some things are broken, for > example the apop support.
I think the changes in 6.2.5.2 included a fix for CVE-2005-2335, and only this fix should have been uploaded. Now that sarge2 is already on the tracks, I propose to prepare a sarge3 with everything from sarge1 reverted and fetchmail_CAN-2005-2335.diff applied instead (along with patch.CVE-2005-3088.fetchmail of course). Security team, please ack the proposed changes. Alternatively, we could live with the regression and I could prepare a stable upload with all fixes from 6.2.5.4. Bye, -- Loïc Minier <[EMAIL PROTECTED]>
