You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2005/08/24 23:12:04 UTC
Re: Website suggestion: security page.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matt Kettler writes:
> Would the maintainer of the spamassassin.org website kindly consider adding a
> new "security" tab?
>
> My vision here is to have a central spot to list all the versions of SA affected
> by DoS and other security vulnerabilities, and have links off to the CVE
> entries, or some other security announcement, for them.
>
> Most notably you'll probably want to make mention of these:
>
> SpamAssassin versions 2.50 through 2.63 are affected by a DoS vulnerability
> caused by malformed messages.
>
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name�N-2004-0796
>
> SpamAssassin versions 3.0.1 through 3.0.3 are affected by a DoS vulnerability in
> the mime parser, caused by malformed messages.
>
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name�N-2005-1266
Hi Matt --
if you set up a Wiki page, I'll certainly add a tab for it. ;)
(I'm trying to avoid having hard-to-edit website static pages, since our
wiki-izing has been working very well by comparison, and we can certainly
maintain oversight over that page too.)
- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFDDOKkMJF5cimLx9ARAixvAKCmDbbh+5BT3AMwSoR75l9KAZnFhgCfaeGt
Nnemcdnp2fIfTUunUb0tQrU=
=85sB
-----END PGP SIGNATURE-----