Re: Website suggestion: security page.

[Justin Mason <jm...@jmason.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Matt Kettler writes:
> Would the maintainer of the spamassassin.org website kindly consider adding a
> new "security" tab?
> 
> My vision here is to have a central spot to list all the versions of SA affected
> by DoS and other security vulnerabilities, and have links off to the CVE
> entries, or some other security announcement, for them.
> 
> Most notably you'll probably want to make mention of these:
> 
> SpamAssassin versions 2.50 through 2.63 are affected by a DoS vulnerability
> caused by malformed messages.
> 
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name�N-2004-0796
> 
> SpamAssassin versions 3.0.1 through 3.0.3 are affected by a DoS vulnerability in
> the mime parser, caused by malformed messages.
> 
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name�N-2005-1266

Hi Matt --

if you set up a Wiki page, I'll certainly add a tab for it. ;)

(I'm trying to avoid having hard-to-edit website static pages, since our
wiki-izing has been working very well by comparison, and we can certainly
maintain oversight over that page too.)

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFDDOKkMJF5cimLx9ARAixvAKCmDbbh+5BT3AMwSoR75l9KAZnFhgCfaeGt
Nnemcdnp2fIfTUunUb0tQrU=
=85sB
-----END PGP SIGNATURE-----