LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Development page

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LK2008: The values of the Linux community

LWN.net Weekly Edition for October 9, 2008

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Apache SpamAssassin 3.0.6 is out

[Posted June 6, 2006 by corbet]

From:  Theo Van Dinter <felicity-AT-apache.org>
To:  Spamassassin Users List <users-AT-spamassassin.apache.org>, Spamassassin Devel List <dev-AT-spamassassin.apache.org>, Spamassassin Announcements List <announce-AT-spamassassin.apache.org>
Subject:  ANNOUNCE: Apache SpamAssassin 3.0.6 available!
Date:  Mon, 5 Jun 2006 12:15:14 -0400
Archive-link:  Article, Thread 

Apache SpamAssassin 3.0.6 is now available!  This is a maintainance
release of the 3.0.x branch.

Downloads are available from:
  http://spamassassin.apache.org/downloads.cgi?update=20060...

The release file will also be available via CPAN in the near future.

md5sum of archive files:
  423eb193db9f7757c6d957f5c04550cb  Mail-SpamAssassin-3.0.6.tar.bz2
  bf0a1e1a7f6e5dd719deda6293b83e35  Mail-SpamAssassin-3.0.6.tar.gz
  72c012d51f8507c2839a34f900c80412  Mail-SpamAssassin-3.0.6.zip

sha1sum of archive files:
  10d42d954c421f40fbbd9411a5ff096e29240c6f  Mail-SpamAssassin-3.0.6.tar.bz2
  78358df8ea26513a8fbe466f484d19e487e5438f  Mail-SpamAssassin-3.0.6.tar.gz
  17031fd2c9b54846d4e41d7ea3945639659fd91e  Mail-SpamAssassin-3.0.6.zip


The release files also have a .asc accompanying them.  The file serves
as an external GPG signature for the given release file.  The signing 
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub  1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
     Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 1987 265F A05B

3.0.6 fixes a remote code execution vulnerability if spamd is run with the
"--vpopmail" and "-P" options.  If either/both of those options are not
used, there is no vulnerability.

Changelog:

- bug 4926: given a certain set of parameters to spamd and a specially
  formatted input message, users could cause spamd to execute arbitrary
  commands as the spamd user
(Log in to post comments)

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds