spamassassin-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Theo Van Dinter <>
Subject ANNOUNCE: Apache SpamAssassin 3.1.3 available!
Date Mon, 05 Jun 2006 16:13:09 GMT
Apache SpamAssassin 3.1.3 is now available!  This is a maintainance
release of the 3.1.x branch.

Downloads are available from:

The release file will also be available via CPAN in the near future.

md5sum of archive files:
  5f049f0b9fc63585a85593a3c68409bb  Mail-SpamAssassin-3.1.3.tar.bz2
  32ad78f3cdaddb02cdf0f55572604d07  Mail-SpamAssassin-3.1.3.tar.gz

sha1sum of archive files:
  e1f4489ec8805985e0ca79765bde586bf0286725  Mail-SpamAssassin-3.1.3.tar.bz2
  ed9e18fae6db86d0b77ce48d8262194e06df9ef8  Mail-SpamAssassin-3.1.3.tar.gz

The release files also have a .asc accompanying them.  The file serves
as an external GPG signature for the given release file.  The signing 
key is available via the key server, as well as

The key information is:

pub  1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <>
     Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 1987 265F A05B

3.1.3 fixes a remote code execution vulnerability if spamd is run with the
"--vpopmail" and "-P" options.  If either/both of those options are not
used, there is no vulnerability.  There was also a fix for the userstate
directory and prefs file not being created.


- bug 4926: given a certain set of parameters to spamd and a specially
  formatted input message, users could cause spamd to execute arbitrary
  commands as the spamd user
- bug 4932: the userstate dir and userprefs file would not be created
  under certain conditions.

View raw message