SpamAssassin DOS-Fix anytime soon ?
Hi list,
a remote-dos-vulnerability in spamassassin 3.0.1-3.0.3 was announced a
week ago. while most other distributions have since then reacted on this
a debian stable security fix seems still unavailable. on the package
maintainer's page it says the fix is long done and is just waiting for
the security-team to act on it [0].
so my question is: why has the fix not been released yet (after 7 days)?
after all, a remotely exploitable bug in most mailreceiving systems
should have a rather high priority.
greets
iso
[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314447
--
Reply to: