You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by Apache Wiki <wi...@apache.org> on 2006/06/29 03:18:55 UTC
[Spamassassin Wiki] Trivial Update of "Security" by MattKettler
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Spamassassin Wiki" for change notification.
The following page has been changed by MattKettler:
http://wiki.apache.org/spamassassin/Security
The comment on the change is:
formatting
------------------------------------------------------------------------------
-
This page exists to provide quick reference to all past security notices that affect SpamAssassin. At this time this page is a work-in-progress, but it is belived to be a complete.
Please note that while this reference does cover security notices for versions of SpamAssassin older than 3.0.0, it should be noted these are pre-ASF releases. They are included here for completeness. Also note this document does not attempt to cover versions older than 2.40.
'''spamd remote code execution if -v AND -P options used'''
+
Versions affected: 2.50-3.0.5, 3.1.0-3.1.2
+ References:
- References: [http://spamassassin.apache.org/advisories/cve-2006-2447.txt]
+ [http://spamassassin.apache.org/advisories/cve-2006-2447.txt]
'''"many to: headers" DoS vuln'''
+
Versions affected: 3.0.4, possibly older versions.
+
References:
[http://secunia.com/advisories/17386/]
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351]
'''malformed message with long headers DoS'''
+
Versions affected: 3.0.1-3.0.3
+
References:
[http://secunia.com/advisories/15704/]
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266]
'''Unspecified malformed message DoS'''
+
Versions affected: 2.50-2.63
+
References:
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0796]
'''Arbitrary code execution if BSMTP used'''
+
Versions affected: 2.40-2.43
+
References:
[http://www.securityfocus.com/bid/6679]
[http://secunia.com/advisories/7951/]