FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available!

Randal, Phil prandal at herefordshire.gov.uk
Mon Jun 5 17:36:01 IST 2006 

FYI

The files aren't on all mirrors yet, but can definitely be found at

  http://www.eu.apache.org/dist/spamassassin/

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: Theo Van Dinter [mailto:felicity at apache.org] 
Sent: 05 June 2006 17:13
To: Spamassassin Users List; Spamassassin Devel List; Spamassassin
Announcements List
Subject: ANNOUNCE: Apache SpamAssassin 3.1.3 available!

Apache SpamAssassin 3.1.3 is now available!  This is a maintainance
release of the 3.1.x branch.

Downloads are available from:
  http://spamassassin.apache.org/downloads.cgi?update=200606050750

The release file will also be available via CPAN in the near future.

md5sum of archive files:
  5f049f0b9fc63585a85593a3c68409bb  Mail-SpamAssassin-3.1.3.tar.bz2
  32ad78f3cdaddb02cdf0f55572604d07  Mail-SpamAssassin-3.1.3.tar.gz
  6cb6fc27c4466091b2bc4e04af8c39bf  Mail-SpamAssassin-3.1.3.zip

sha1sum of archive files:
  e1f4489ec8805985e0ca79765bde586bf0286725
Mail-SpamAssassin-3.1.3.tar.bz2
  ed9e18fae6db86d0b77ce48d8262194e06df9ef8
Mail-SpamAssassin-3.1.3.tar.gz
  090dfd3eaa0481789fbf94f67bcf9c2dd6387959  Mail-SpamAssassin-3.1.3.zip


The release files also have a .asc accompanying them.  The file serves
as an external GPG signature for the given release file.  The signing 
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub  1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
<release at spamassassin.org>
     Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 1987 265F
A05B

3.1.3 fixes a remote code execution vulnerability if spamd is run with
the
"--vpopmail" and "-P" options.  If either/both of those options are not
used, there is no vulnerability.  There was also a fix for the userstate
directory and prefs file not being created.

Changelog:

- bug 4926: given a certain set of parameters to spamd and a specially
  formatted input message, users could cause spamd to execute arbitrary
  commands as the spamd user
- bug 4932: the userstate dir and userprefs file would not be created
  under certain conditions.

More information about the MailScanner mailing list