You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@spamassassin.apache.org by Apache Wiki <wi...@apache.org> on 2007/06/15 19:31:18 UTC

[Spamassassin Wiki] Update of "Security" by JustinMason

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Spamassassin Wiki" for change notification.

The following page has been changed by JustinMason:
http://wiki.apache.org/spamassassin/Security

------------------------------------------------------------------------------
  Please note that while this reference does cover security notices for versions of SpamAssassin prior to version 3.0.0, it should be noted these are pre-Apache releases. They are included here for completeness. Also note this document does not attempt to cover versions older than 2.40.
  
  Please also note that these notices apply to the official releases of SpamAssassin. Some third party distribution packages, such as Debian, choose to backport fixes. If you are using a distribution package with a version that appears vulnerable, check with the security advisories for that distribution to see if the fix has been backported.
+ 
+ 
+ 
+ '''Local user symlink-attack DoS vulnerability with "spamd --allow-tell -x" and other options'''
+ 
+ Versions affected: 3.1.0-3.1.8, 3.2.0
+ 
+ Fixed in: 3.1.9, 3.2.1
+ 
+ References:
+ [http://spamassassin.apache.org/advisories/cve-2007-2873.txt] [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2873]
  
  '''Overly long URLs DoS'''