Spamassassin in portage is old. I know that there's an ebuild for 3.0.4,
but it's marked unstable still..
Just an FYI.
[ebuild R ] mail-filter/spamassassin-3.0.2-r1
-------- Original Message --------
Subject: Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3
Date: Wed, 15 Jun 2005 13:00:46 -0700
From: Daniel Quinlan <[EMAIL PROTECTED]>
Reply-To: users@spamassassin.apache.org
To: announce@spamassassin.apache.org
CC: users@spamassassin.apache.org, dev@spamassassin.apache.org
Apache SpamAssassin 3.0.4 was recently released [0], and fixes a denial
of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. The
vulnerability allows certain misformatted long message headers to cause
spam checking to take a very long time.
While the exploit has yet to be seen in the wild, we are concerned that
there may be attempts to abuse the vulnerability in the future.
Therefore, we strongly recommend all users of these versions upgrade to
Apache SpamAssassin 3.0.4 as soon as possible.
This issue has been assigned CVE id CAN-2005-1266 [1].
To contact the Apache SpamAssassin security team, please e-mail
security at spamassassin.apache.org. For more information about Apache
SpamAssassin, visit the http://spamassassin.apache.org/ web site.
Apache SpamAssassin Security Team
[0]:
http://mail-archives.apache.org/mod_mbox/spamassassin-dev/200506.mbox/[EMAIL PROTECTED]
[1]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266
--
gentoo-user@gentoo.org mailing list
