[VUA 37-1] Updated SpamAssassin package fixes security flaw

To: debian-volatile-announce@lists.debian.org
Subject: [VUA 37-1] Updated SpamAssassin package fixes security flaw
From: Martin Zobel-Helas <zobel@debian.org>
Date: Sun, 11 Nov 2007 15:36:10 +0100
Message-id: <[🔎] 20071111143610.GB6747@solar.ftbfs.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 37-1     http://volatile.debian.org
debian-volatile@lists.debian.org                               Stephen Gran
November 11, 2007
- ---------------------------------------------------------------------------

Package              : spamassassin
Version              : 3.2.3-0.volatile1
Importance           : low
CVE IDs              : CVE-2007-2873

The following security flaw was found and fixed in spamassassin:

[CVE-2007-2873]  A local user symlink vulnerability in some non-standard
                 configurations could lead to arbitrary file overwrites.

Additionally, this version brings many new enhancements and bugfixes.

For etch, an updated spamassassin package is available in etch/volatile 
as version 3.2.3-0.volatile1.

We recommend that you update your system.


Upgrade Instructions
- --------------------

You can get the updated packages at

http://volatile.debian.org/debian-volatile/pool/volatile/main/s/spamassassin

and install them with dpkg, or add 

 deb http://volatile.debian.org/debian-volatile etch/volatile main
 deb-src http://volatile.debian.org/debian-volatile etch/volatile main

to your /etc/apt/sources.list. You can also use any of our mirrors.  See
http://www.debian.org/volatile/volatile-mirrors for the full list of
mirrors.  The archive signing keys can be downloaded from
http://volatile.debian.org/ziyi-etch.asc and additionaly was included in
the stable point release r1 in Debian Etch.

For further information about debian-volatile, please refer to
http://www.debian.org/volatile/.

If there are any issues, please don't hesitate to get in touch with the
debian-volatile team.

- -- 
Martin Zobel-Helas                      GPG Key-ID:    0x5d64f870
Debian Developer                        eMail Privat:  zobel@ftbfs.de
Debian Stable Release Manager           eMail Debian:  zobel@debian.org
Debian Release Assistant                ICQ:           27309454
Debian Listmaster                       jabber ID:     zobel.helas@jabber.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHNxNaST77jl1k+HARAjvfAJ9z2ceu+5FoaV1RLKuO2tGAntezvgCg2i/t
3piMzU+wL6KaBTtssZb1pxo=
=KkWL
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [VUA 36-1] Updated clamav package fixes security flaw
Next by Date: [VUA 38-1] Updated tzdata package
Previous by thread: [VUA 36-1] Updated clamav package fixes security flaw
Next by thread: [VUA 38-1] Updated tzdata package
Index(es):
- Date
- Thread