FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available!
Julian Field
MailScanner at ecs.soton.ac.uk
Mon Jun 5 19:51:21 IST 2006
Thanks for that. I have just updated the ClamAV + SpamAssassin package
to contain the new 3.1.3 release of SpamAssassin.
Randal, Phil wrote:
> FYI
>
> The files aren't on all mirrors yet, but can definitely be found at
>
> http://www.eu.apache.org/dist/spamassassin/
>
> Cheers,
>
> Phil
>
> --
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
> -----Original Message-----
> From: Theo Van Dinter [mailto:felicity at apache.org]
> Sent: 05 June 2006 17:13
> To: Spamassassin Users List; Spamassassin Devel List; Spamassassin
> Announcements List
> Subject: ANNOUNCE: Apache SpamAssassin 3.1.3 available!
>
> Apache SpamAssassin 3.1.3 is now available! This is a maintainance
> release of the 3.1.x branch.
>
> Downloads are available from:
> http://spamassassin.apache.org/downloads.cgi?update=200606050750
>
> The release file will also be available via CPAN in the near future.
>
> md5sum of archive files:
> 5f049f0b9fc63585a85593a3c68409bb Mail-SpamAssassin-3.1.3.tar.bz2
> 32ad78f3cdaddb02cdf0f55572604d07 Mail-SpamAssassin-3.1.3.tar.gz
> 6cb6fc27c4466091b2bc4e04af8c39bf Mail-SpamAssassin-3.1.3.zip
>
> sha1sum of archive files:
> e1f4489ec8805985e0ca79765bde586bf0286725
> Mail-SpamAssassin-3.1.3.tar.bz2
> ed9e18fae6db86d0b77ce48d8262194e06df9ef8
> Mail-SpamAssassin-3.1.3.tar.gz
> 090dfd3eaa0481789fbf94f67bcf9c2dd6387959 Mail-SpamAssassin-3.1.3.zip
>
>
> The release files also have a .asc accompanying them. The file serves
> as an external GPG signature for the given release file. The signing
> key is available via the wwwkeys.pgp.net key server, as well as
> http://spamassassin.apache.org/released/GPG-SIGNING-KEY
>
> The key information is:
>
> pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
> <release at spamassassin.org>
> Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F
> A05B
>
> 3.1.3 fixes a remote code execution vulnerability if spamd is run with
> the
> "--vpopmail" and "-P" options. If either/both of those options are not
> used, there is no vulnerability. There was also a fix for the userstate
> directory and prefs file not being created.
>
> Changelog:
>
> - bug 4926: given a certain set of parameters to spamd and a specially
> formatted input message, users could cause spamd to execute arbitrary
> commands as the spamd user
> - bug 4932: the userstate dir and userprefs file would not be created
> under certain conditions.
>
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.
More information about the MailScanner
mailing list