tag 339526 patch
thanks

spamassassin (3.0.3-2sarge0) stable-security; urgency=high
* Fix a potential bypass of spam detection when insanely large To:
headers are encountered. (CVE-2005-3351) (Closes: #339526)
-- Don Armstrong <[EMAIL PROTECTED]> Tue, 3 Jan 2006 07:01:02 -0800
svn diff -r261908:279666
http://svn.apache.org/repos/asf/spamassassin/trunk/lib/Mail/SpamAssassin/Message.pm
has the exact diff from upstream; patch attached.
Don Armstrong
--
We were at a Chinese restaurant.
He was yelling at the waitress because there was a typo in his fortune
cookie.
-- hugh macleod http://www.gapingvoid.com/batch31.php
http://www.donarmstrong.com http://rzlab.ucr.edu
diff -u spamassassin-3.0.3/debian/changelog spamassassin-3.0.3/debian/changelog
--- spamassassin-3.0.3/debian/changelog
+++ spamassassin-3.0.3/debian/changelog
@@ -1,3 +1,10 @@
+spamassassin (3.0.3-2sarge0) stable-security; urgency=high
+
+ * Fix a potential bypass of spam detection when insanely large To:
+ headers are encountered. (CVE-2005-3351) (Closes: #339526)
+
+ -- Don Armstrong <[EMAIL PROTECTED]> Tue, 3 Jan 2006 07:01:02 -0800
+
spamassassin (3.0.3-2) stable-security; urgency=high
* Security release to fix potential DoS caused by large headers
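Review bot: The new entry at the top of debian/changelog names only the symptom ("insanely large To: headers") and reads very close to the 3.0.3-2 entry just below it ("potential DoS caused by large headers"), so the changelog alone does not show what differs between the two uploads. Suggest adding a line stating that the header-matching regex in lib/Mail/SpamAssassin/Message.pm was replaced, and noting that the changed line takes the header name from $hdr, so the fix is not specific to To:.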
unchanged:
--- spamassassin-3.0.3.orig/lib/Mail/SpamAssassin/Message.pm
+++ spamassassin-3.0.3/lib/Mail/SpamAssassin/Message.pm
@@ -334,7 +334,7 @@
my ($self, $hdr) = @_;
return $self->{pristine_headers} unless $hdr;
- my(@ret) = $self->{pristine_headers} =~ /^(?:$hdr:[
\t]+(.*\n(?:\s+\S.*\n)*))/mig;
+ my(@ret) = $self->{pristine_headers} =~ /^\Q$hdr\E:[ \t]+(.*?\n(?![
\t]))/smgi;
if (@ret) {
return wantarray ? @ret : $ret[-1];
}
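Review bot: The replacement regex on the changed line now wraps the header name in \Q...\E, which the old line did not, so any caller that passes a pattern rather than a literal name in $hdr (alternation, a character class) would silently stop matching; the callers of this accessor are worth checking before this goes to stable. On the same line, the continuation test changed from `\s+\S.*\n` to a negative lookahead on space or tab, so the two forms do not accept exactly the same folded headers, and whitespace-only continuation lines are one case to cover in a test. The change also carries no comment explaining why the nested `(?:\s+\S.*\n)*` group was dropped; a short comment plus a regression test with a very long folded To: header would record the intent.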

