yOn Thu, Jun 16, 2005 at 10:45:02AM +0000, Paddy Smith wrote: > Package: spamassassin > Version: 3.0.3-1 > Severity: important > Tags: security, fixed-upstream > > > Apache SpamAssassin 3.0.4 was recently released [0], and fixes a denial > > of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. The > > vulnerability allows certain misformatted long message headers to cause > > spam checking to take a very long time.
A fixed package has already been given to the security team - but as of yet they have failed to act on it. -- Duncan Findlay
signature.asc
Description: Digital signature
