[VUA 37-1] Updated SpamAssassin package fixes security flaw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 37-1 http://volatile.debian.org
debian-volatile@lists.debian.org Stephen Gran
November 11, 2007
- ---------------------------------------------------------------------------
Package : spamassassin
Version : 3.2.3-0.volatile1
Importance : low
CVE IDs : CVE-2007-2873
The following security flaw was found and fixed in spamassassin:
[CVE-2007-2873] A local user symlink vulnerability in some non-standard
configurations could lead to arbitrary file overwrites.
Additionally, this version brings many new enhancements and bugfixes.
For etch, an updated spamassassin package is available in etch/volatile
as version 3.2.3-0.volatile1.
We recommend that you update your system.
Upgrade Instructions
- --------------------
You can get the updated packages at
http://volatile.debian.org/debian-volatile/pool/volatile/main/s/spamassassin
and install them with dpkg, or add
deb http://volatile.debian.org/debian-volatile etch/volatile main
deb-src http://volatile.debian.org/debian-volatile etch/volatile main
to your /etc/apt/sources.list. You can also use any of our mirrors. See
http://www.debian.org/volatile/volatile-mirrors for the full list of
mirrors. The archive signing keys can be downloaded from
http://volatile.debian.org/ziyi-etch.asc and additionaly was included in
the stable point release r1 in Debian Etch.
For further information about debian-volatile, please refer to
http://www.debian.org/volatile/.
If there are any issues, please don't hesitate to get in touch with the
debian-volatile team.
- --
Martin Zobel-Helas GPG Key-ID: 0x5d64f870
Debian Developer eMail Privat: zobel@ftbfs.de
Debian Stable Release Manager eMail Debian: zobel@debian.org
Debian Release Assistant ICQ: 27309454
Debian Listmaster jabber ID: zobel.helas@jabber.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHNxNaST77jl1k+HARAjvfAJ9z2ceu+5FoaV1RLKuO2tGAntezvgCg2i/t
3piMzU+wL6KaBTtssZb1pxo=
=KkWL
-----END PGP SIGNATURE-----
Reply to: