I believe I have created a properly patched SRPM to replace the one on RF that should fix all outstanding issues.
It's my first go at making an SRPM, but it compiles and runs OK on my side. It has 3 patches included:

spamass-milter-0.3.1-popen.patch - Fixes this vulnerability.
spamass-milter-0.3.1-rcvd.patch - Fixes a minor issue with Received headers.
spamass-milter-0.3.1-smtp-auth-bypass.patch - Bypasses scanning for email sent with SMTP auth.

You can find it at:
http://www.crc.id.au/downloads/spamass-milter-0.3.1-4.crc.src.rpm

If some people can test it and it works as it should, feel free to retag it and place it into the repositories.

On Wed, 17 Mar 2010 09:42:03 +0100, "Yury V. Zaytsev" <[email protected]> wrote:
> Hi!
>
> On Tue, 2010-03-16 at 12:08 -0700, Paul Heinlein wrote:
>> This is a heads-up that there might be an actively exploited
>> vulnerability in either the spamassassin or spamass-milter package.
>> I'm still unsure where the problem lies, but here's what I know.
>
> Thanks for letting us know!
>
> spamass-milter in the default RPMForge configuration does not run with
> -x (I'm not even sure what's the practical use of it), so it's not
> vulnerable.
>
> However I will be happy to include the patch that upstream is cooking
> when it's ready:
>
> http://savannah.nongnu.org/bugs/index.php?29136
>
> I don't have time to track this page and also do not have Savannah
> account to subscribe to the bug updates, so it would be nice if somebody
> could post to the list when they are done with it.
>
> Thanks!

--
Steven Haigh
Email: [email protected]
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299
