Joerg Jung wrote: > > Our port is probably still vulnerable to CVE-2006-0709: > > > > https://security-tracker.debian.org/tracker/CVE-2006-0709 > > > > https://rhn.redhat.com/errata/RHSA-2006-0217.html > > > > There are two patches included in the Debian tickets and I can't tell > > which was applied. They removed the port in 2009, so it's hard to find > > out. > > > > Of course, ideally we'd just remove ours too, but as sthen pointed out > > comms/hylafax and mail/exmh2 still depend on it. > > I guess Debian has Hylafax as well. > So how did they solved the dependency problem?
It's strange - there are mentions in the CHANGELOG of making metamail a recommendation and then a dependency, but not of removing it. It's only a RUN_DEPENDS, so maybe Hylafax handles its absence gracefully. Are there any Hylafax users out there who can test this for us?