Today we released v2.64, which contains an important security fix to prevent a DoS attack against systems running SpamAssassin.
The announcement (can't link as it hasn't reached the archives yet):
> Subject: SpamAssassin 2.64 is released!
SpamAssassin is a mail filter which uses advanced statistical
and heuristic tests to identify spam (also known as unsolicited
Pick it up from:
md5sum of archive files:
sha1sum of archive files:
Or on CPAN shortly, once the mirrors update.
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net keyserver, as well as
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <firstname.lastname@example.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
Summary of major changes since 2.63
- Security fix prevents a denial of service attack open to certain
- Backported several very reliable rules from the SpamAssassin 3.0.0
Created attachment 36794
The ebuild; bumping isn't enough as the SRC_URI has changed.
In CVS, thanks. Had to add a little change to make the tests not get run twice
in some circumstances.
Reopening so that we can issue GLSA about it
Arches: please test and mark spamassassin 2.64 stable
Tested and marked for sparc
Stable on amd64.
alpha and ia64 done
tested and stable on ppc
Removing ppc cc as it is stable marked. ppc64 still needs stable marking
We also need x86 stable before the GLSA can go out.
ppc64 please mark stable to benefit from the GLSA
stable on ppc64