FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available!

Randal, Phil prandal at herefordshire.gov.uk
Mon Jun 5 17:36:01 IST 2006


The files aren't on all mirrors yet, but can definitely be found at




Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: Theo Van Dinter [mailto:felicity at apache.org] 
Sent: 05 June 2006 17:13
To: Spamassassin Users List; Spamassassin Devel List; Spamassassin
Announcements List
Subject: ANNOUNCE: Apache SpamAssassin 3.1.3 available!

Apache SpamAssassin 3.1.3 is now available!  This is a maintainance
release of the 3.1.x branch.

Downloads are available from:

The release file will also be available via CPAN in the near future.

md5sum of archive files:
  5f049f0b9fc63585a85593a3c68409bb  Mail-SpamAssassin-3.1.3.tar.bz2
  32ad78f3cdaddb02cdf0f55572604d07  Mail-SpamAssassin-3.1.3.tar.gz
  6cb6fc27c4466091b2bc4e04af8c39bf  Mail-SpamAssassin-3.1.3.zip

sha1sum of archive files:
  090dfd3eaa0481789fbf94f67bcf9c2dd6387959  Mail-SpamAssassin-3.1.3.zip

The release files also have a .asc accompanying them.  The file serves
as an external GPG signature for the given release file.  The signing 
key is available via the wwwkeys.pgp.net key server, as well as

The key information is:

pub  1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
<release at spamassassin.org>
     Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 1987 265F

3.1.3 fixes a remote code execution vulnerability if spamd is run with
"--vpopmail" and "-P" options.  If either/both of those options are not
used, there is no vulnerability.  There was also a fix for the userstate
directory and prefs file not being created.


- bug 4926: given a certain set of parameters to spamd and a specially
  formatted input message, users could cause spamd to execute arbitrary
  commands as the spamd user
- bug 4932: the userstate dir and userprefs file would not be created
  under certain conditions.

More information about the MailScanner mailing list