You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Theo Van Dinter <fe...@apache.org> on 2006/06/05 18:13:09 UTC
ANNOUNCE: Apache SpamAssassin 3.1.3 available!
Apache SpamAssassin 3.1.3 is now available! This is a maintainance
release of the 3.1.x branch.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200606050750
The release file will also be available via CPAN in the near future.
md5sum of archive files:
5f049f0b9fc63585a85593a3c68409bb Mail-SpamAssassin-3.1.3.tar.bz2
32ad78f3cdaddb02cdf0f55572604d07 Mail-SpamAssassin-3.1.3.tar.gz
6cb6fc27c4466091b2bc4e04af8c39bf Mail-SpamAssassin-3.1.3.zip
sha1sum of archive files:
e1f4489ec8805985e0ca79765bde586bf0286725 Mail-SpamAssassin-3.1.3.tar.bz2
ed9e18fae6db86d0b77ce48d8262194e06df9ef8 Mail-SpamAssassin-3.1.3.tar.gz
090dfd3eaa0481789fbf94f67bcf9c2dd6387959 Mail-SpamAssassin-3.1.3.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <re...@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.1.3 fixes a remote code execution vulnerability if spamd is run with the
"--vpopmail" and "-P" options. If either/both of those options are not
used, there is no vulnerability. There was also a fix for the userstate
directory and prefs file not being created.
Changelog:
- bug 4926: given a certain set of parameters to spamd and a specially
formatted input message, users could cause spamd to execute arbitrary
commands as the spamd user
- bug 4932: the userstate dir and userprefs file would not be created
under certain conditions.
Re: ANNOUNCE: Apache SpamAssassin 3.1.3 available!
Posted by Theo Van Dinter <fe...@apache.org>.
On Mon, Jun 05, 2006 at 06:46:09PM +0200, Kai Schaetzl wrote:
> > Yeah, the page is taking a little bit to mirror out.
>
> Ok, I see. I guessed you send it out only once it's up everywhere. BTW, it
Something like that. I update the front page after the release mail is sent
out so I can include a link to the release announcement on the main page.
However, since the apache webserver isn't the same machine that we generate
the pages on, we have to wait for rsync to run.
> seems a simple http://spamassassin.apache.org/downloads.cgi results in the
> same output than using the revision no. or what that extra stuff is.
> (actually, it doesn't matter what string is after the ?, it just seems to
> get ignored. Should it work that way?)
The number is a timestamp. In theory, the automatically chosen mirror will
have synced at a time greater than or equal to the one specified. At the
moment it looks like the mirrors chosen haven't updated, which is fairly
annoying. :(
--
Randomly Generated Tagline:
"The day Microsoft makes something that doesn't suck is probably the day
they start making vacuum cleaners." - Ernst Jan Plugge
Re: ANNOUNCE: Apache SpamAssassin 3.1.3 available!
Posted by Kai Schaetzl <ma...@conactive.com>.
Theo Van Dinter wrote on Mon, 5 Jun 2006 12:33:52 -0400:
> Yeah, the page is taking a little bit to mirror out.
Ok, I see. I guessed you send it out only once it's up everywhere. BTW, it
seems a simple http://spamassassin.apache.org/downloads.cgi results in the
same output than using the revision no. or what that extra stuff is.
(actually, it doesn't matter what string is after the ?, it just seems to
get ignored. Should it work that way?)
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: ANNOUNCE: Apache SpamAssassin 3.1.3 available!
Posted by Theo Van Dinter <fe...@apache.org>.
On Mon, Jun 05, 2006 at 06:26:55PM +0200, Kai Schaetzl wrote:
> > http://spamassassin.apache.org/downloads.cgi?update=200606050750
>
> still lists 3.1.2.
Yeah, the page is taking a little bit to mirror out.
> btw, there's also no mention of 3.0.x versions on that page
Hrm, suboptimal! /me fixes
--
Randomly Generated Tagline:
Professor: Dirt doesn't need luck.
Re: ANNOUNCE: Apache SpamAssassin 3.1.3 available!
Posted by Kai Schaetzl <ma...@conactive.com>.
Theo Van Dinter wrote on Mon, 5 Jun 2006 12:13:09 -0400:
> Downloads are available from:
> http://spamassassin.apache.org/downloads.cgi?update=200606050750
still lists 3.1.2.
btw, there's also no mention of 3.0.x versions on that page
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com