First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 59483
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Malte S. Stretz <gentoo-bugger@msquadrat.de>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
spamassassin-2.64.ebuild spamassassin-2.64.ebuild text/plain Malte S. Stretz 2004-08-04 21:10 0000 2.32 KB Details
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 59483 depends on: Show dependency tree
Bug 59483 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-08-04 21:10 0000 
Today we released v2.64 which contains an important security fix to prevent a
DoS attack against system running SpamAssassin.

The announcement (can't link as it hasn't reached the archives yet):


> Subject: SpamAssassin 2.64 is released!

SpamAssassin is a mail filter which uses advanced statistical
and heuristic tests to identify spam (also known as unsolicited
commercial/bulk email).

Downloading
-----------

Pick it up from:

  http://old.SpamAssassin.org/released/Mail-SpamAssassin-2.64.tar.gz
  http://old.SpamAssassin.org/released/Mail-SpamAssassin-2.64.tar.bz2
  http://old.SpamAssassin.org/released/Mail-SpamAssassin-2.64.zip

md5sum of archive files:
a82a9dab95462d102e253edb99091fdd  Mail-SpamAssassin-2.64.tar.gz
cd482160ddbe371bbf4fb58b715ebbdf  Mail-SpamAssassin-2.64.tar.bz2
82a8f47ad87774b5a94805ed9bc6753b  Mail-SpamAssassin-2.64.zip
sha1sum of archive files:
7d5776a7c462c849bc48f12a48ed82dc929ac06f  Mail-SpamAssassin-2.64.tar.gz
ea4925c6967249a581c4966d1cefd1a3162eb639  Mail-SpamAssassin-2.64.tar.bz2
5922db581c6ef8026455ecce055f14a25b499a3b  Mail-SpamAssassin-2.64.zip


Or on CPAN shortly, once the mirrors update.

The release files also have a .asc accompanying them.  The file serves
as an external GPG signature for the given release file.  The signing
key is available via the wwwkeys.pgp.net keyserver, as well as
http://www.spamassassin.org/released/GPG-SIGNING-KEY

The key information is:

pub  1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
<release@spamassassin.org>
    Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 1987 265F A05B

Summary of major changes since 2.63
-----------------------------------

  - Security fix prevents a denial of service attack open to certain
    malformed messages.
  - Backported several very reliable rules from the SpamAssassin 3.0.0
    codebase.

------- Comment #1 From Malte S. Stretz 2004-08-04 21:10:47 0000 ------- 
Created an attachment (id=36794) [details]
spamassassin-2.64.ebuild

The ebuild; bumping isn't enough as the SRC_URI has changed.

------- Comment #2 From Robert Coie (RETIRED) 2004-08-04 23:15:12 0000 ------- 
In CVS, thanks.  Had to add a little change to make the tests not get run twice
in some circumstances.

------- Comment #3 From Thierry Carrez (RETIRED) 2004-08-05 00:31:58 0000 ------- 
Reopening so that we can issue GLSA about it

------- Comment #4 From Thierry Carrez (RETIRED) 2004-08-05 00:35:37 0000 ------- 
Arches: please test and mark spamassassin 2.64 stable

------- Comment #5 From Josh Grebe (RETIRED) 2004-08-05 08:34:41 0000 ------- 
Tested and marked for sparc

------- Comment #6 From Tom Martin (RETIRED) 2004-08-05 12:00:04 0000 ------- 
Stable on amd64.

------- Comment #7 From Aron Griffis (RETIRED) 2004-08-06 20:01:58 0000 ------- 
alpha and ia64 done

------- Comment #8 From Pieter Van den Abeele 2004-08-07 11:54:59 0000 ------- 
tested and stable on ppc

------- Comment #9 From SpanKY 2004-08-07 22:28:08 0000 ------- 
hppa stable

------- Comment #10 From Chris White (RETIRED) 2004-08-07 23:19:31 0000 ------- 
Removing ppc cc as it is stable marked.  ppc64 still needs stable marking
though.

------- Comment #11 From Thierry Carrez (RETIRED) 2004-08-08 02:50:50 0000 ------- 
We also need x86 stable before the GLSA can go out.

------- Comment #12 From Sune Kloppenborg Jeppesen 2004-08-09 12:51:36 0000 ------- 
GLSA 200408-06

ppc64 please mark stable to benifit from the GLSA

------- Comment #13 From Tom Gall 2004-09-25 22:29:32 0000 ------- 
stable on ppc64

------- Comment #14 From Tom Gall 2004-09-25 22:35:31 0000 ------- 
removing ppc64
First Last Prev Next    No search results available      Search page      Enter new bug