Does anyone know if this effects the Mail::SpamAssassin perl libraries when
used with amavisd-new?
Eric Vollmer
At 02:25 PM 2/2/2003 +0100, Daniel Ahlberg wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>- - --------------------------------------------------------------------
>GENTOO LINUX SECURITY ANNOUNCEMENT 200302-01
>- - --------------------------------------------------------------------
>
>PACKAGE : Mail-SpamAssasin
>SUMMARY : arbitrary code execution
>DATE : 2003-02-02 13:25 UTC
>EXPLOIT : remote
>
>- - --------------------------------------------------------------------
>
>- From advisory:
>
>"Attacker may be able to execute arbitrary code by sending a specially
>crafted e-mail to a system using SpamAssassin's spamc program in BSMTP
>mode (-B option). Versions from 2.40 to 2.43 are affected."
>
>Read the full advisory at
>http://marc.theaimsgroup.com/?l=bugtraq&m=104342896818777&w=2
>
>SOLUTION
>
>It is recommended that all Gentoo Linux users who are running
>dev-perl/Mail-SpamAssasin to Mail-SpamAssasin-2.44 as follows:
>
>emerge sync
>emerge -u Mail-SpamAssasin
>emerge clean
>
>- - --------------------------------------------------------------------
>aliz (at) gentoo (dot) org [email concealed] - GnuPG key is available at www.gentoo.org/~aliz
>- - --------------------------------------------------------------------
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.1 (GNU/Linux)
>
>iD8DBQE+PRxAfT7nyhUpoZMRAjBlAKCIBHUPx/LE/JJg130OosBtzfXNyACfY+/n
>hQ1myVlS8MPcIc1BGzoLZzM=
>=y8WM
>-----END PGP SIGNATURE-----
used with amavisd-new?
Eric Vollmer
At 02:25 PM 2/2/2003 +0100, Daniel Ahlberg wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>- - --------------------------------------------------------------------
>GENTOO LINUX SECURITY ANNOUNCEMENT 200302-01
>- - --------------------------------------------------------------------
>
>PACKAGE : Mail-SpamAssasin
>SUMMARY : arbitrary code execution
>DATE : 2003-02-02 13:25 UTC
>EXPLOIT : remote
>
>- - --------------------------------------------------------------------
>
>- From advisory:
>
>"Attacker may be able to execute arbitrary code by sending a specially
>crafted e-mail to a system using SpamAssassin's spamc program in BSMTP
>mode (-B option). Versions from 2.40 to 2.43 are affected."
>
>Read the full advisory at
>http://marc.theaimsgroup.com/?l=bugtraq&m=104342896818777&w=2
>
>SOLUTION
>
>It is recommended that all Gentoo Linux users who are running
>dev-perl/Mail-SpamAssasin to Mail-SpamAssasin-2.44 as follows:
>
>emerge sync
>emerge -u Mail-SpamAssasin
>emerge clean
>
>- - --------------------------------------------------------------------
>aliz (at) gentoo (dot) org [email concealed] - GnuPG key is available at www.gentoo.org/~aliz
>- - --------------------------------------------------------------------
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.1 (GNU/Linux)
>
>iD8DBQE+PRxAfT7nyhUpoZMRAjBlAKCIBHUPx/LE/JJg130OosBtzfXNyACfY+/n
>hQ1myVlS8MPcIc1BGzoLZzM=
>=y8WM
>-----END PGP SIGNATURE-----
[ reply ]