Theo Van Dinter wrote:
> On Fri, Jun 24, 2005 at 07:45:52PM +0200, Tuyen DINH wrote:
>
>>According to the latest announcement, SpamAssassin from version 3.0.1 to
>>3.0.3 is subject to a Denial of Service Vulnerability.
>>
>>So is SpamAssassin 3.0.0 vulnerable ?
>
>
> Is 3.0.0 between 3.0.1 and 3.0.3 ? ;)
>
I think the intent was to confirm this vulnerability really did only affect 3.0.1-3.0.3 and was not a typo.

AFAIK there are only 3 semi-recent SA versions with no DoS vulnerabilities:

3.0.4
3.0.0
2.64

3.0.3-3.0.1 are vulnerable to CAN-2005-1266
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266

2.63-2.50 are vulnerable to CAN-2004-0796
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0796

I can't tell you about any pre 2.50 DoS'es as I don't keep track of them that far back :)