spamassassin-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Justin Mason)
Subject ANNOUNCE: Apache SpamAssassin 3.1.9 available!
Date Wed, 13 Jun 2007 14:42:03 GMT
Apache SpamAssassin 3.1.9 is now available!  This is a maintenance and
security release of the 3.1.x branch.  It is highly recommended that
people upgrade to this version from 3.0.x or 3.1.x.

Downloads are available from:

The release file will also be available via CPAN in the near future.

  md5sum of archive files:
  ad5d812b1a04228f3dc3147ebd649bb3  Mail-SpamAssassin-3.1.9.tar.bz2
  c0a6dc8564e60bf50d1792e4edc18e97  Mail-SpamAssassin-3.1.9.tar.gz

  sha1sum of archive files:
  bed85f0b7e269253e925831015f11809009080eb  Mail-SpamAssassin-3.1.9.tar.bz2
  181e0ca4e0568bb51e955b8b8e4595313fb7de8b  Mail-SpamAssassin-3.1.9.tar.gz

The release files also have a .asc accompanying them.  The file serves
as an external GPG signature for the given release file.  The signing
key is available via the key server, as well as

The key information is:

pub  1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <>
      Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 1987 265F A05B

3.1.9 is a major bug-fix release, including a potential local DoS.  The major
highlights are:

- bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS
  vulnerability. It only affects systems where spamd is run as root, is used
  with vpopmail or virtual users via the "-v"/"--vpopmail" OR
  "--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND
  WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch.
  This is not default on any distro package, and is not a common configuration.
  More details of the vulnerability can be read at

- bug 5353 - meta rule parsing should handle not equal ("!=") syntax.

- set the score for URI_TRUNCATED to 0.001.

- bug 5337: change the start order for Fedora such that spamd starts before the

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message