| Summary: | net-mail/qmail-autoresponder | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Daniel Ahlberg (RETIRED) <aliz> |
| Component: | New packages | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | CC: | net-mail+disabled, rajiv |
| Priority: | Highest | | |
| Version: | 1.0 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | Runtime testing required: | --- | |

Description
Daniel Ahlberg (RETIRED)
2003-08-17 00:42:40 UTC
http://www.debian.org/security/2003/dsa-373

net-mail/qmail-autoresponder-0.96.1 is currently what's in portage. The CVE contained no version info so tracking this down (what's vuln and what's not) is a little pain in the rear. Best I can tell is the version we have in portage is really old. (Is there a reason for this?)

http://www.debian.org/security/2003/dsa-373 has patches for 2.02 of the autoresponder.

ok as we can't seem to get a response from anybody from net-mail on this. I'm going to have to package.mask everything below <2.02

now masked in package.mask revision 1.2421

i did a little research and found that autorespond != qmail-autoresponder

qmail-autoresponder is at http://untroubled.org/qmail-autoresponder/

autorespond is at <http://www.netmeridian.com/e-huss/autorespond.tar.gz> and was modified by debian. their modified source is linked to from the original advisory at <http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00175.html>

removed qmail-autoresponder from package.mask rev 1.2422

fyi we do not have, and do not need an ebuild for autorespond. i believe that qmail-autoresponder is more robust and better maintained.

thanks rajiv