Re: SpamAssassin DOS-Fix anytime soon ?

To: debian-security@lists.debian.org
Subject: Re: SpamAssassin DOS-Fix anytime soon ?
From: Marek Olejniczak <marek@olmar.poznan.pl>
Date: Thu, 23 Jun 2005 15:52:14 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.62.0506231543250.3695@orion>
In-reply-to: <[🔎] 42BAA028.6060105@kapsobor.de>
References: <[🔎] 42BAA028.6060105@kapsobor.de>

On Thu, 23 Jun 2005 iso@kapsobor.de wrote:

a remote-dos-vulnerability in spamassassin 3.0.1-3.0.3 was announced a weekago. while most other distributions have since then reacted on this a debianstable security fix seems still unavailable. on the package maintainer's pageit says the fix is long done and is just waiting for the security-team to acton it [0].
so my question is: why has the fix not been released yet (after 7 days)?
after all, a remotely exploitable bug in most mailreceiving systems shouldhave a rather high priority.

There is also a bug in su package which is since 6 days not fixed. Hallo,security team, wake up! Debian Sarge is buggy! Sarge is dangerous.


Marek

Reply to:

Follow-Ups:
- Re: SpamAssassin DOS-Fix anytime soon ?
  - From: Nicolas François <nicolas.francois@centraliens.net>

References:
- SpamAssassin DOS-Fix anytime soon ?
  - From: iso@kapsobor.de

Prev by Date: Re: POP3-Server recommendation
Next by Date: Re: SpamAssassin DOS-Fix anytime soon ?
Previous by thread: Re: SpamAssassin DOS-Fix anytime soon ?
Next by thread: Re: SpamAssassin DOS-Fix anytime soon ?
Index(es):
- Date
- Thread