Bug 166969 - mail-filter/spamassassin DoS <3.1.8 (CVE-2007-0451)
Bug#: 166969 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: enhancement Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: gentoo@valli.org
Component: Vulnerabilities
URL:  http://spamassassin.apache.org/
Summary: mail-filter/spamassassin DoS <3.1.8 (CVE-2007-0451)
Keywords:  
Status Whiteboard: B3 [glsa]
Opened: 2007-02-15 08:18 0000
Description:
http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt

Reproducible: Always

------- Comment #1 From MATSUU Takuto 2007-02-16 03:08:52 0000 -------
3.1.8 contains a security fix for CVE-2007-0451.

------- Comment #2 From Michael Cummings (RETIRED) 2007-02-16 16:22:43 0000 -------
Bumped

------- Comment #3 From Raphael Marichez 2007-02-17 23:56:44 0000 -------
Thanks;

Hi arches, please test and mark stable spamassassin-3.1.8 if appropriate,
thanks

------- Comment #4 From Jeroen Roovers 2007-02-18 02:06:17 0000 -------
Stable for HPPA.

------- Comment #5 From Markus Rothe 2007-02-18 08:40:51 0000 -------
ppc64 stable

------- Comment #6 From Alexander Færøy 2007-02-18 10:47:15 0000 -------
Stable on Alpha, IA64 and MIPS.

------- Comment #7 From Tobias Scherbaum 2007-02-18 11:12:34 0000 -------
ppc stable

------- Comment #8 From Markus Meier 2007-02-18 12:15:47 0000 -------
mail-filter/spamassassin-3.1.8  USE="berkdb ipv6 ldap ssl -doc -mysql -postgres
-qmail -sqlite -tools"
1. emerges on x86
2. passes test suite
3. passes collision test
4. evolution still works with it

Portage 2.1.2-r9 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0,
2.6.19.3 i686)
=================================================================
System uname: 2.6.19.3 i686 Genuine Intel(R) CPU           T2300  @ 1.66GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Sat, 17 Feb 2007 09:30:01 +0000
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python:     2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="autoconfig collision-protect distlocks metadata-transfer
parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LINGUAS="en de en_GB de_CH"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acpi alsa apache2 asf berkdb bitmap-fonts cairo cdr cdrom cli
cracklib crypt cups dbus divx dlloader dri dts dvd dvdr dvdread eds emboss
encode fam ffmpeg firefox flac fortran gdbm gif gnome gpm gstreamer gtk hal
iconv ipv6 isdnlog java jpeg kde kdeenablefinal ldap libg++ mad midi mikmod mmx
mono mp3 mpeg ncurses nls nptl nptlonly ogg opengl oss pam pcre perl png ppds
pppd python qt3 qt4 quicktime readline reflection rtsp ruby samba sdl session
smp spell spl sse sse2 sse3 ssl svg tcpd test tetex theora threads truetype
truetype-fonts type1-fonts unicode vcd vorbis win32codecs wxwindows x264 x86
xine xml xorg xprint xv xvid zlib" ELIBC="glibc" INPUT_DEVICES="keyboard mouse"
KERNEL="linux" LINGUAS="en de en_GB de_CH" USERLAND="GNU" VIDEO_CARDS="i810
fbdev vesa"
Unset:  CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS,
PORTDIR_OVERLAY

------- Comment #9 From Raúl Porcel 2007-02-18 12:40:38 0000 -------
x86 stable

------- Comment #10 From Jason Wever (RETIRED) 2007-02-18 18:39:59 0000 -------
SPARC stable

------- Comment #11 From Malcolm Lashley (RETIRED) 2007-02-19 20:55:03 0000 -------
amd64 stable, anyone for a nice cup of GLSA?

------- Comment #12 From Raphael Marichez 2007-02-23 17:46:40 0000 -------
Thanks arches,

I vote for a GLSA

------- Comment #13 From Matthias Geerdsen 2007-02-25 19:43:07 0000 -------
agreed

------- Comment #14 From Raphael Marichez 2007-03-02 00:36:12 0000 -------
GLSA 200703-02, thanks everybody