Package: spamassassin
Version: 3.0.3-1
Severity: important
Tags: security, fixed-upstream

as per:

> From [EMAIL PROTECTED] Wed Jun 15 21:12:13 2005
> From: Daniel Quinlan <[EMAIL PROTECTED]>
> To: announce@spamassassin.apache.org
> Subject: Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3
>
> Apache SpamAssassin 3.0.4 was recently released [0], and fixes a denial
> of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. The
> vulnerability allows certain misformatted long message headers to cause
> spam checking to take a very long time.
>
> While the exploit has yet to be seen in the wild, we are concerned that
> there may be attempts to abuse the vulnerability in the future.
> Therefore, we strongly recommend all users of these versions upgrade to
> Apache SpamAssassin 3.0.4 as soon as possible.
>
> This issue has been assigned CVE id CAN-2005-1266 [1].
>
> To contact the Apache SpamAssassin security team, please e-mail
> security at spamassassin.apache.org. For more information about Apache
> SpamAssassin, visit the http://spamassassin.apache.org/ web site.
>
> Apache SpamAssassin Security Team
>
> [0]: http://mail-archives.apache.org/mod_mbox/spamassassin-dev/200506.mbox/[EMAIL PROTECTED]
>
> [1]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266

Although CVE still says "When the candidate has been publicized, the
details for this candidate will be provided."

Wasn't sure what severity to give this.

Regards,
Paddy

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages spamassassin depends on:
hi  debconf                    1.4.30.13  Debian configuration management sy
hi  libdigest-sha1-perl        2.10-1     NIST SHA-1 message digest algorith
hi  libhtml-parser-perl        3.45-2     A collection of modules that parse
hi  perl [libstorable-perl]    5.8.4-8    Larry Wall's Practical Extraction
hi  spamc                      3.0.3-1    Client for SpamAssassin spam filte

-- debconf information:
  spamassassin/upgrade/2.40:
  spamassassin/upgrade/2.40w:
  spamassassin/upgrade/cancel: Continue
  spamassassin/upgrade/2.42m: No
  spamassassin/upgrade/2.42u: No