Package: spamassassin
Version: 3.1.7-1
Severity: important
Tags: security patch


There is a DoS in apparantly all versions of spamassassin prior to
3.1.8 (which is not released yet). The details of this are obtained
through this bugzilla log:

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318

As well as a patch to fix the issue for 3.1.8. This will likely require
a backported fix for sarge. 

CVE id to be assigned shortly.

Micah


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-vserver-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages spamassassin depends on:
ii  libdigest-sha1-perl           2.11-2     NIST SHA-1 message digest algorith
ii  libhtml-parser-perl           3.56-1     A collection of modules that parse
ii  libnet-dns-perl               0.59-1     Perform DNS queries from a Perl sc
pn  libsocket6-perl               <none>     (no description available)
ii  perl                          5.8.8-7    Larry Wall's Practical Extraction 

Versions of packages spamassassin recommends:
pn  libmail-spf-query-perl        <none>     (no description available)
ii  perl [libmime-base64-perl]    5.8.8-7    Larry Wall's Practical Extraction 
pn  spamc                         <none>     (no description available)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to