Today we released v2.64, which contains an important security fix to prevent a DoS attack against systems running SpamAssassin. The announcement (can't link as it hasn't reached the archives yet):

> Subject: SpamAssassin 2.64 is released!
>
> SpamAssassin is a mail filter which uses advanced statistical and heuristic tests to identify spam (also known as unsolicited commercial/bulk email).
>
> Downloading
> -----------
>
> Pick it up from:
>
>   http://old.SpamAssassin.org/released/Mail-SpamAssassin-2.64.tar.gz
>   http://old.SpamAssassin.org/released/Mail-SpamAssassin-2.64.tar.bz2
>   http://old.SpamAssassin.org/released/Mail-SpamAssassin-2.64.zip
>
> md5sum of archive files:
>
>   a82a9dab95462d102e253edb99091fdd  Mail-SpamAssassin-2.64.tar.gz
>   cd482160ddbe371bbf4fb58b715ebbdf  Mail-SpamAssassin-2.64.tar.bz2
>   82a8f47ad87774b5a94805ed9bc6753b  Mail-SpamAssassin-2.64.zip
>
> sha1sum of archive files:
>
>   7d5776a7c462c849bc48f12a48ed82dc929ac06f  Mail-SpamAssassin-2.64.tar.gz
>   ea4925c6967249a581c4966d1cefd1a3162eb639  Mail-SpamAssassin-2.64.tar.bz2
>   5922db581c6ef8026455ecce055f14a25b499a3b  Mail-SpamAssassin-2.64.zip
>
> Or on CPAN shortly, once the mirrors update.
>
> The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net keyserver, as well as http://www.spamassassin.org/released/GPG-SIGNING-KEY
>
> The key information is:
>
>   pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
>       Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
>
> Summary of major changes since 2.63
> -----------------------------------
>
> - Security fix prevents a denial of service attack open to certain malformed messages.
> - Backported several very reliable rules from the SpamAssassin 3.0.0 codebase.
Created attachment 36794 [details] spamassassin-2.64.ebuild The ebuild; bumping isn't enough as the SRC_URI has changed.
In CVS, thanks. Had to add a little change to make the tests not get run twice in some circumstances.
Reopening so that we can issue GLSA about it
Arches: please test and mark spamassassin 2.64 stable
Tested and marked for sparc
Stable on amd64.
alpha and ia64 done
tested and stable on ppc
hppa stable
Removing ppc cc as it is stable marked. ppc64 still needs stable marking though.
We also need x86 stable before the GLSA can go out.
GLSA 200408-06. ppc64, please mark stable to benefit from the GLSA.
stable on ppc64
removing ppc64