Am Freitag, 24. Juni 2005 15:58 schrieb Marek Olejniczak:On Fri, 24 Jun 2005, Nicolas [iso-8859-1] François wrote:On Thu, Jun 23, 2005 at 03:52:14PM +0200, Marek Olejniczak wrote:There is also a bug in su package which is since 6 days not fixed. Hallo, security team, wake up! Debian Sarge is buggy! Sarge is dangerous.Come down, this is - local - I already privileged user is needed.
Are you sure that this is only local bug? http://secunia.com/advisories/15704/
However, does anybody know, how this issue is handled in FreeBSD?
In FreeBSD is used spamassassin-3.0.4, which is not vulnerable: http://www.freebsd.org/cgi/ports.cgi?query=p5-Mail-SpamAssassin-3.0.4&stype=all&release=5-STABLE%2Fi386 --- Marek