[VUA 26-1] Updated spamassassin packages fixes denial of service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 26-1 http://volatile.debian.net
debian-volatile@lists.debian.org Felipe Augusto van de Wiel
February 21th, 2007 and Martin Zobel-Helas
- ---------------------------------------------------------------------------
Package : spamassassin
Version : 3.1.4-0volatile2
Importance : high
CVE IDs : CVE-2007-0451
A remotely exploitable vulnerability has been found in SpamAssassin, which
could cause a denial of service when when handling messages containing
overly long URLs.
For sarge, an updated spamassassin package is available in
sarge/volatile-sloppy as version 3.1.4-0volatile2.
This advisory was sent out without builds for mips and mipsel architectures
being available. They will be released as soon as they are available.
Upgrade Instructions
- --------------------
You can get the updated packages at
http://volatile.debian.net/debian-volatile/pool/volatile/main/s/spamassassin/
and install them with dpkg, or add
deb http://volatile.debian.net/debian-volatile sarge/volatile-sloppy main
deb-src http://volatile.debian.net/debian-volatile sarge/volatile-sloppy main
to your /etc/apt/sources.list. You can also use any of our mirrors.
In addition, you need to pin spamassassin and/or spamc in /etc/apt/preferences
(unless that has already happened before):
Package: spamassassin
Pin: release a=sarge-sloppy, version 3.1.4*
Pin-Priority: 500
Package: spamc
Pin: release a=sarge-sloppy, version 3.1.4*
Pin-Priority: 500
Please see http://www.debian.org/devel/debian-volatile/volatile-mirrors for
the full list of mirrors. The archive signing key can be downloaded from
http://volatile.debian.net/ziyi-sarge.asc
For further information about debian-volatile, please refer to
http://volatile.debian.net/.
If there are any issues, please don't hesitate to get in touch with the
volatile team.
- --
Felipe Augusto van de Wiel (faw)
"Debian. Freedom to code. Code to freedom!"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF27SqCjAO0JDlykYRAnd0AJ9QF39GV0EHF6xk6YitJD296ILblwCdHn9A
2zwnHWdwk9pyZYcQJ4lb3qA=
=QkfZ
-----END PGP SIGNATURE-----
Reply to: