58583 – Gentoo-version of Postfix has been vulnerable for >3 months with no GLSA telling

Bug 58583 - Gentoo-version of Postfix has been vulnerable for >3 months with no GLSA telling

Summary: Gentoo-version of Postfix has been vulnerable for >3 months with no GLSA telling

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	GLSA Errors (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-07-27 13:49 UTC by Mogens Meier Christensen
Modified:	2004-07-27 14:23 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mogens Meier Christensen 2004-07-27 13:49:57 UTC

There has been released 5 versions of Postfix including security releases since 2004-04-23 but no ebuild has gone stable and no GLSA has been announced, so that people Postfix on a Gentoo Server has been vulnerable for more than 3 months now!!!

People complain about nothing happening (a lots of bug repports, see #48796, #54597, #56574, ...) but a final, official reaction

Would you advice a switch from postfix because of bad gentoo support (or the other way around?)

Comment 1 Kurt Lieber (RETIRED) gentoo-dev

2004-07-27 13:56:09 UTC

None of the bugs mention security fixes as being part of the upgrades.  How are we supposed to know a GLSA is needed?  What security issues are fixed in these upgrades?  

Provide us with something more than a complaint about inaction and we'll be happy to act.

Comment 2 Mogens Meier Christensen 2004-07-27 14:23:19 UTC

I was completely wrong filing these complaints and I am very sorry for that, please accept my appologies! :(