Re: SpamAssassin DOS-Fix anytime soon ?

To: debian-security@lists.debian.org
Subject: Re: SpamAssassin DOS-Fix anytime soon ?
From: Jan Lühr <jluehr@gmx.net>
Date: Thu, 23 Jun 2005 14:49:06 +0200
Message-id: <[🔎] 200506231449.06205.jluehr@gmx.net>
In-reply-to: <[🔎] 42BAA028.6060105@kapsobor.de>
References: <[🔎] 42BAA028.6060105@kapsobor.de>

Greetings,..

Am Donnerstag, 23. Juni 2005 13:42 schrieb iso@kapsobor.de:
> Hi list,
>
> a remote-dos-vulnerability in spamassassin 3.0.1-3.0.3 was announced a
> week ago. while most other distributions have since then reacted on this
>   a debian stable security fix seems still unavailable. on the package
> maintainer's page it says the fix is long done and is just waiting for
> the security-team to act on it [0].
>
> so my question is: why has the fix not been released yet (after 7 days)?
> after all, a remotely exploitable bug in most mailreceiving systems
> should have a rather high priority.

There is no reason to create a third threat for that issue.
If you wanna have a secure Linux port dist the package by yourself or use 
SuSE. They fixed it already.

fup2 previous threads.

Keep smiling
yanosz

Reply to:

Follow-Ups:
- Re: SpamAssassin DOS-Fix anytime soon ?
  - From: Marek Olejniczak <marek@olmar.poznan.pl>

References:
- SpamAssassin DOS-Fix anytime soon ?
  - From: iso@kapsobor.de

Prev by Date: SpamAssassin DOS-Fix anytime soon ?
Next by Date: Re: POP3-Server recommendation
Previous by thread: SpamAssassin DOS-Fix anytime soon ?
Next by thread: Re: SpamAssassin DOS-Fix anytime soon ?
Index(es):
- Date
- Thread