Re: CVE-2006-2314: debian dovecot package vulnerable. (fwd)
also sprach martin f krafft [EMAIL PROTECTED] [2006.06.15.1832 +0200]: Have you talked to the stable release team? Maybe they'd be willing to let it into the next update? I am sorry, I accidentally replied to this as if it had come in via a different mailing list. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system hi! i'm a .signature virus! copy me into your ~/.signature to help me spread! signature.asc Description: Digital signature (GPG/PGP)
Re: CVE-2006-2314: debian dovecot package vulnerable. (fwd)
Aargh forgot to send this yesterday. Please cc me on any replies, I'm not subscribed to the list. -- Forwarded message -- A question for the stable release managers. In bug #369359, Martin Pitt also sent a patch to fix this problem for the sarge version of Dovecot. When I mentioned this to the security team, Joey replied: Please talk to the stable release managers. We don't consider this a vulnerability in dovecot but an update required after the security update of PostgreSQL which has to go in via proposed-updates. So how do I proceed? -- Jaldhar H. Vyas [EMAIL PROTECTED] La Salle Debain - http://www.braincells.com/debian/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: CVE-2006-2314: debian dovecot package vulnerable. (fwd)
I tend to agree with Joey on the issue, though I do think it's not very nice that the postgresql security upgrade breaks other packages. But going via stable-proposed-updates seems like the right path. Have you talked to the stable release team? Maybe they'd be willing to let it into the next update? -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver! they that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- benjamin franklin signature.asc Description: Digital signature (GPG/PGP)
Re: CVE-2006-2314: debian dovecot package vulnerable. (fwd)
martin f krafft wrote: I tend to agree with Joey on the issue, though I do think it's not very nice that the postgresql security upgrade breaks other packages. But going via stable-proposed-updates seems like the right path. Have you talked to the stable release team? Maybe they'd be willing to let it into the next update? I'd say... Maybe... Just maybe... Did it ever occur to you that this may be the reason Jaldhar asked on debian-release, the list the stable release team confirmed as a requirement for uploading to proosed-updates? Regards, Joey -- We all know Linux is great... it does infinite loops in 5 seconds. -- Linus Torvalds -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]