Posted to commits@spamassassin.apache.org by Apache Wiki <wi...@apache.org> on 2006/06/29 03:08:50 UTC

[Spamassassin Wiki] Update of "Security" by MattKettler

The following page has been changed by MattKettler:
http://wiki.apache.org/spamassassin/Security

The comment on the change is:
Added a listing of Security notices.

New page:
= Security =

This page exists to provide a quick reference to all past security notices that affect SpamAssassin. At this time this page is a work-in-progress, but it is believed to be complete.

Please note that while this reference covers security notices for versions of SpamAssassin older than 3.0.0, these are pre-ASF releases and are included here for completeness. Also note that this document does not attempt to cover versions older than 2.40.

'''spamd remote code execution if -v AND -P options used'''
Versions affected: 2.50-3.0.5, 3.1.0-3.1.2 
References: [http://spamassassin.apache.org/advisories/cve-2006-2447.txt]


'''"many to: headers" DoS vuln'''
Versions affected: 3.0.4, possibly older versions.
References: 
[http://secunia.com/advisories/17386/]
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351]

'''malformed message with long headers DoS'''
Versions affected: 3.0.1-3.0.3
References: 
[http://secunia.com/advisories/15704/]
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266]

'''Unspecified malformed message DoS'''
Versions affected: 2.50-2.63
References:
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0796]

'''Arbitrary code execution if BSMTP used'''
Versions affected: 2.40-2.43
References:    
[http://www.securityfocus.com/bid/6679]
[http://secunia.com/advisories/7951/]