From: "Matt Kettler" <[EMAIL PROTECTED]>
> Theo Van Dinter wrote:
> > On Fri, Jun 24, 2005 at 07:45:52PM +0200, Tuyen DINH wrote:
> >
> >>According to the lastest announce, SpamAssassin from version 3.0.1 to
> >>3.0.3 is subject to a Denial of Service Vulnerability.
> >>
> >>So is Spamassassin 3.0.0 vulnerable ?
> >
> >
> > Is 3.0.0 between 3.0.1 and 3.0.3 ? ;)
> >
>
> I think the intent was to confirm this vulnerability really did only
affect
> 3.0.1-3.0.3 and was not a typo.
>
> AFAIK there are only 3 semi-recent SA versions with no DoS
vulnerabilities:
>
> 3.0.4
> 3.0.0
> 2.64
>
> 3.0.3-3.0.1 are vulnerable to CAN-2005-1266
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266
>
> 2.63-2.50 are vulnerable to CAN-2004-0796
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0796
>
> I can't tell you about any pre 2.50 DoS'es as I don't keep track of them
that
> far back :)
Besides, 3.0.0 is a DoS attack on itself, isn't it?
{O,o} <- crazed
