
[VUA 26-1] Updated spamassassin packages fix denial of service



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 26-1     http://volatile.debian.net
debian-volatile@lists.debian.org                 Felipe Augusto van de Wiel
February 21st, 2007                                  and Martin Zobel-Helas
- ---------------------------------------------------------------------------


Package              : spamassassin
Version              : 3.1.4-0volatile2
Importance           : high
CVE IDs              : CVE-2007-0451

A remotely exploitable vulnerability has been found in SpamAssassin, which
could cause a denial of service when handling messages containing
overly long URLs.

For sarge, an updated spamassassin package is available in
sarge/volatile-sloppy as version 3.1.4-0volatile2.

This advisory was sent out without builds for mips and mipsel architectures
being available. They will be released as soon as they are available.


Upgrade Instructions
- --------------------

You can get the updated packages at

http://volatile.debian.net/debian-volatile/pool/volatile/main/s/spamassassin/

and install them with dpkg, or add

 deb http://volatile.debian.net/debian-volatile sarge/volatile-sloppy main
 deb-src http://volatile.debian.net/debian-volatile sarge/volatile-sloppy main

to your /etc/apt/sources.list. You can also use any of our mirrors.

In addition, you need to pin spamassassin and/or spamc in /etc/apt/preferences
(unless that has already happened before):

 Package: spamassassin
 Pin: release a=sarge-sloppy, version 3.1.4*
 Pin-Priority: 500

 Package: spamc
 Pin: release a=sarge-sloppy, version 3.1.4*
 Pin-Priority: 500


Please see http://www.debian.org/devel/debian-volatile/volatile-mirrors for
the full list of mirrors.  The archive signing key can be downloaded from
http://volatile.debian.net/ziyi-sarge.asc

For further information about debian-volatile, please refer to
http://volatile.debian.net/.

If there are any issues, please don't hesitate to get in touch with the
volatile team.

- --
Felipe Augusto van de Wiel (faw)
"Debian. Freedom to code. Code to freedom!"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF27SqCjAO0JDlykYRAnd0AJ9QF39GV0EHF6xk6YitJD296ILblwCdHn9A
2zwnHWdwk9pyZYcQJ4lb3qA=
=QkfZ
-----END PGP SIGNATURE-----
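
To confirm that the upgrade described in the advisory above took effect, the following added example (not part of the original advisory) compares the installed spamassassin and spamc versions against the fixed version 3.1.4-0volatile2 using dpkg's own version ordering. The function names are hypothetical, and it only compares against the version this advisory names for sarge/volatile-sloppy.

```shell
#!/bin/sh
# Added example: check that the installed packages reached the version
# named in VUA 26-1. Function names are illustrative, not from the advisory.
FIXED="3.1.4-0volatile2"   # fixed version stated in the advisory

# at_least_fixed VERSION: succeeds if VERSION >= FIXED in dpkg's ordering.
at_least_fixed() {
    dpkg --compare-versions "$1" ge "$FIXED"
}

# check_pkg NAME: returns 0 if at or above FIXED, 1 if older, 2 if not installed.
check_pkg() {
    info=$(dpkg-query -W -f='${Status} ${Version}' "$1" 2>/dev/null) || info=""
    case "$info" in
        # Matches "install ok installed" and "hold ok installed"; a package
        # removed with config files left behind ("deinstall ok config-files")
        # does not match and is reported as not installed.
        *" ok installed "*) ver=${info##* } ;;
        *) echo "$1: not installed"; return 2 ;;
    esac
    if at_least_fixed "$ver"; then
        echo "$1: $ver (at or above $FIXED)"
    else
        echo "$1: $ver is older than $FIXED, upgrade still needed"
        return 1
    fi
}

# spamc is checked too because the advisory pins it alongside spamassassin.
for pkg in spamassassin spamc; do
    check_pkg "$pkg" || true
done
```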


