Format: 1.8
Date: Mon, 08 Dec 2014 23:39:45 +0900
Source: getmail4
Binary: getmail4
Architecture: source all
Version: 4.46.0-1~deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Osamu Aoki <osamu@debian.org>
Changed-By: Osamu Aoki <osamu@debian.org>
Description:
 getmail4 - mail retriever with support for POP3, IMAP4 and SDPS
Closes: 766670
Changes:
 getmail4 (4.46.0-1~deb6u1) squeeze-lts; urgency=high
 .
   * Address security issues (MITM: CVE-2014-7273, CVE-2014-7274, and
     CVE-2014-7275) with the newer upstream release.
     The upstream stated:
       The changes in getmail to allow it to perform server SSL
       certificate validation and various other advanced SSL options:
       would you call those a new feature? Because it clearly is. But
       on the other hand, some people consider the previous behaviour a
       bug, so perhaps it's a bugfix. But others say it closes a
       security hole, so it's a security fix. I see no way to make a
       clear-cut distinction between any of those three possibilities.
       I don't think you need to drop *anything*. getmail hasn't had
       much in the way of new features in many years, and I try to
       maintain compatibility as much as is practical. Just update to
       the latest version.
       ... specifically in regards to getmail in its "mature" state,
       where pretty much the only changes going in are bugfixes and
       minor feature enhancements, which are difficult to distinguish
       between.
       ...
       I hope Debian can simply accept the newer version of getmail;
       as I said, I try very hard to keep it compatible when things
       like the additional SSL certificate options were added, and
       getmail v.4 by itself is more than ten years old at this point,
       long into its quiescent "adult" period as far as software
       goes ;)
     Closes: #766670