Comment 4 for bug 136302

Adna rim (adnarim) wrote :

Sounds pretty laborious if you are aware that the patch file for this bug (from 2.4.4 to 2.4.5) has around 13000 lines of code that you'd have to look through to make this bugfix. Of course, only if there was no other change from the 2.3.1 in the repos to 2.4.*, which would make applying this patch totally impossible and force you to write a totally new one.

While I was reading the patch file: next to this pop3 format string vuln, there was another format string bug in address completion which has been patched.

So what alternative do we have here? Leaving a version in the repos which you are totally aware is vulnerable and may lead to arbitrary code execution, or spending 5 min just to take the updated version 2.4.5?

 greets