Comment 5 for bug 136302

Kees Cook (kees) wrote : Re: [Bug 136302] Re: Sylpheed POP3 Format String Vulnerability

On Wed, Sep 05, 2007 at 05:03:25PM -0000, Adna rim wrote:
> So what alternative do we have here? Letting a version in the repos which
> you are totally aware that it is vulnerable and may lead to arbitrary
> code execution or spending 5min just to take the updated version of
> 2.4.5.

Agreed; it is a lot of work. That's what makes an upstream easy to work
with or not for doing security updates. You can also check into SRU[1]
but that requires minimal changes too. Perhaps backports[2], once it is
fixed in Gutsy?

[1] https://wiki.ubuntu.com/StableReleaseUpdates
[2] https://wiki.ubuntu.com/BackportRequestProcess