You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2004/08/16 22:02:27 UTC

SpamAssassin denial of service vulnerability details incorrect

http://www.securityfocus.com/bid/10898/discussion/

This vulnerability does not exist; as far as I can see, someone has
conflated GLSA 200408-06
(http://www.securityfocus.com/archive/1/371249/2004-08-06/2004-08-12/0),
which *is* an issue, with an entirely-separate bug report
(http://bugzilla.spamassassin.org/show_bug.cgi?id=3293).
SpamAssassin is not vulnerable to the latter supposed attack.

--j.