FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available!

Julian Field MailScanner at ecs.soton.ac.uk
Mon Jun 5 20:16:48 IST 2006


MailScanner doesn't use spamd at all, so is not vulnerable anyway. It 
talks straight to the Perl library of SpamAssassin, there is nothing to 
get in the way.

sandrews at andrewscompanies.com wrote:
> The default config of mailscanner doesn't run with these switches, does
> it? 
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Julian
> Field
> Sent: Monday, June 05, 2006 2:51 PM
> To: MailScanner discussion
> Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.1.3 available!
>
> Thanks for that. I have just updated the ClamAV + SpamAssassin package
> to contain the new 3.1.3 release of SpamAssassin.
>
> Randal, Phil wrote:
>   
>> FYI
>>
>> The files aren't on all mirrors yet, but can definitely be found at
>>
>>   http://www.eu.apache.org/dist/spamassassin/
>>
>> Cheers,
>>
>> Phil
>>
>> --
>> Phil Randal
>> Network Engineer
>> Herefordshire Council
>> Hereford, UK
>>
>> -----Original Message-----
>> From: Theo Van Dinter [mailto:felicity at apache.org]
>> Sent: 05 June 2006 17:13
>> To: Spamassassin Users List; Spamassassin Devel List; Spamassassin 
>> Announcements List
>> Subject: ANNOUNCE: Apache SpamAssassin 3.1.3 available!
>>
>> Apache SpamAssassin 3.1.3 is now available!  This is a maintainance 
>> release of the 3.1.x branch.
>>
>> Downloads are available from:
>>   http://spamassassin.apache.org/downloads.cgi?update=200606050750
>>
>> The release file will also be available via CPAN in the near future.
>>
>> md5sum of archive files:
>>   5f049f0b9fc63585a85593a3c68409bb  Mail-SpamAssassin-3.1.3.tar.bz2
>>   32ad78f3cdaddb02cdf0f55572604d07  Mail-SpamAssassin-3.1.3.tar.gz
>>   6cb6fc27c4466091b2bc4e04af8c39bf  Mail-SpamAssassin-3.1.3.zip
>>
>> sha1sum of archive files:
>>   e1f4489ec8805985e0ca79765bde586bf0286725
>> Mail-SpamAssassin-3.1.3.tar.bz2
>>   ed9e18fae6db86d0b77ce48d8262194e06df9ef8
>> Mail-SpamAssassin-3.1.3.tar.gz
>>   090dfd3eaa0481789fbf94f67bcf9c2dd6387959  
>> Mail-SpamAssassin-3.1.3.zip
>>
>>
>> The release files also have a .asc accompanying them.  The file serves
>>     
>
>   
>> as an external GPG signature for the given release file.  The signing 
>> key is available via the wwwkeys.pgp.net key server, as well as 
>> http://spamassassin.apache.org/released/GPG-SIGNING-KEY
>>
>> The key information is:
>>
>> pub  1024D/265FA05B 2003-06-09 SpamAssassin Signing Key 
>> <release at spamassassin.org>
>>      Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 1987 265F 
>> A05B
>>
>> 3.1.3 fixes a remote code execution vulnerability if spamd is run with
>>     
>
>   
>> the "--vpopmail" and "-P" options.  If either/both of those options 
>> are not used, there is no vulnerability.  There was also a fix for the
>>     
>
>   
>> userstate directory and prefs file not being created.
>>
>> Changelog:
>>
>> - bug 4926: given a certain set of parameters to spamd and a specially
>>   formatted input message, users could cause spamd to execute
>>     
> arbitrary
>   
>>   commands as the spamd user
>> - bug 4932: the userstate dir and userprefs file would not be created
>>   under certain conditions.
>>   
>>     
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store Professional
> Support Services at www.MailScanner.biz MailScanner thanks transtec
> Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is believed to be clean.
> MailScanner thanks transtec Computers for their support.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website! 
>
>
>   

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



More information about the MailScanner mailing list