You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2007/06/11 22:15:35 UTC
svn commit: r546254 -
/spamassassin/branches/3.1/build/announcements/3.1.9.txt
Author: jm
Date: Mon Jun 11 13:15:35 2007
New Revision: 546254
URL: http://svn.apache.org/viewvc?view=rev&rev=546254
Log:
add 3.1.9 build announcement
Added:
spamassassin/branches/3.1/build/announcements/3.1.9.txt
Added: spamassassin/branches/3.1/build/announcements/3.1.9.txt
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.1/build/announcements/3.1.9.txt?view=auto&rev=546254
==============================================================================
--- spamassassin/branches/3.1/build/announcements/3.1.9.txt (added)
+++ spamassassin/branches/3.1/build/announcements/3.1.9.txt Mon Jun 11 13:15:35 2007
@@ -0,0 +1,53 @@
+To: users, dev, announce
+Subject: ANNOUNCE: Apache SpamAssassin 3.1.9 available!
+
+Apache SpamAssassin 3.1.9 is now available! This is a maintenance and
+security release of the 3.1.x branch. It is highly recommended that
+people upgrade to this version from 3.0.x or 3.1.x.
+
+Downloads are available from:
+ http://spamassassin.apache.org/downloads.cgi?update=200706081100
+
+The release file will also be available via CPAN in the near future.
+
+ md5sum of archive files:
+ ad5d812b1a04228f3dc3147ebd649bb3 Mail-SpamAssassin-3.1.9.tar.bz2
+ c0a6dc8564e60bf50d1792e4edc18e97 Mail-SpamAssassin-3.1.9.tar.gz
+ a1ed25d0878d102c17a91233ee741f87 Mail-SpamAssassin-3.1.9.zip
+
+ sha1sum of archive files:
+ bed85f0b7e269253e925831015f11809009080eb Mail-SpamAssassin-3.1.9.tar.bz2
+ 181e0ca4e0568bb51e955b8b8e4595313fb7de8b Mail-SpamAssassin-3.1.9.tar.gz
+ c5f87a454ce4562558fd1af9ea71b7b858899f3e Mail-SpamAssassin-3.1.9.zip
+
+The release files also have a .asc accompanying them. The file serves
+as an external GPG signature for the given release file. The signing
+key is available via the wwwkeys.pgp.net key server, as well as
+http://spamassassin.apache.org/released/GPG-SIGNING-KEY
+
+The key information is:
+
+pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <re...@spamassassin.org>
+ Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
+
+
+3.1.9 is a major bug-fix release, including a potential local DoS. The major
+highlights are:
+
+- bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS
+ vulnerability. It only affects systems where spamd is run as root, is used
+ with vpopmail or virtual users via the "-v"/"--vpopmail" OR
+ "--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND
+ WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch.
+ This is not default on any distro package, and is not a common configuration.
+ More details of the vulnerability can be read at
+ <http://spamassassin.apache.org/advisories/cve-2007-2873.txt>.
+
+- bug 5353 - meta rule parsing should handle not equal ("!=") syntax.
+
+- set the score for URI_TRUNCATED to 0.001.
+
+- bug 5337: change the start order for Fedora such that spamd starts before the
+ MTA.
+
+