It didn't make the transition to 64 bits worth of memory with the record intact. https://lwn.net/Articles/820969/ Although the CVE _is_ from 2005 so perhaps it doesn't count.

I mean... I'd say expecting a program written for a 32 bit OS to just work on 64 is excessive. And the fix is just to add mildly sane memory limits to the processes, which is an OS level task, thus, not necessarily a bug.

Not that the whole thing was very well handled.

I would argue that the fix is for the software to refuse to function if it can detect that it's in an environment where it won't function safely, to fail-closed rather than fail-open.

Fair enough, that's a good idea.

no one in their right mind keeps qmail-verify active for many reasons.