SpamAssassin DOS-Fix anytime soon ?

To: debian-security@lists.debian.org
Subject: SpamAssassin DOS-Fix anytime soon ?
From: iso@kapsobor.de
Date: Thu, 23 Jun 2005 13:42:32 +0200
Message-id: <[🔎] 42BAA028.6060105@kapsobor.de>

Hi list,

a remote-dos-vulnerability in spamassassin 3.0.1-3.0.3 was announced aweek ago. while most other distributions have since then reacted on thisa debian stable security fix seems still unavailable. on the packagemaintainer's page it says the fix is long done and is just waiting forthe security-team to act on it [0].


so my question is: why has the fix not been released yet (after 7 days)?

after all, a remotely exploitable bug in most mailreceiving systemsshould have a rather high priority.


greets
iso

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314447

--

Reply to:

Follow-Ups:
- Re: SpamAssassin DOS-Fix anytime soon ?
  - From: Jan Lühr <jluehr@gmx.net>
- Re: SpamAssassin DOS-Fix anytime soon ?
  - From: Marek Olejniczak <marek@olmar.poznan.pl>

Prev by Date: Re: POP3-Server recommendation
Next by Date: Re: SpamAssassin DOS-Fix anytime soon ?
Previous by thread: Re: POP3-Server recommendation
Next by thread: Re: SpamAssassin DOS-Fix anytime soon ?
Index(es):
- Date
- Thread