You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Matt Kettler <mk...@evi-inc.com> on 2005/08/24 23:01:14 UTC

Website suggestion: security page.

Would the maintainer of the spamassassin.org website kindly consider adding a
new "security" tab?

My vision here is to have a central spot to list all the versions of SA affected
by DoS and other security vulnerabilities, and have links off to the CVE
entries, or some other security announcement, for them.

Most notably you'll probably want to make mention of these:

SpamAssassin versions 2.50 through 2.63 are affected by a DoS vulnerability
caused by malformed messages.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0796

SpamAssassin versions 3.0.1 through 3.0.3 are affected by a DoS vulnerability in
the mime parser, caused by malformed messages.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266