Thanks Sam. That's put my mind at ease.


To my knowledge, there are no security issues in version 4.3.1.  I've since
fixed several bugs that can cause crashes, but nothing I can imagine could
be a security risk.


There have been recent bugs in OpenSSL and glibc; those libraries should
definitely be upgraded anyway.  spamdyke loads the libraries dynamically,
which means they aren't included in the spamdyke binary, so just upgrading
them should be enough -- the next time spamdyke starts (when the next remote
server connects) it'll load the new version(s).


If it's any consolation, spamdyke isn't vulnerable to the recent glibc
"GHOST" bug -- the last version to use the vulnerable gethostbyname()
function was 3.0.1, back in 2007.

-- Sam Clippinger


spamdyke-users mailing list

Reply via email to