To: announce@SpamAssassin.apache.org
Subject: ANNOUNCE: Apache SpamAssassin 3.1.9 available!
From: jm@apache.org (Justin Mason)
Date: Wed, 13 Jun 2007 15:42:03 +0100

Apache SpamAssassin 3.1.9 is now available! This is a maintenance and security release of the 3.1.x branch. It is highly recommended that people upgrade to this version from 3.0.x or 3.1.x.

Downloads are available from:

http://spamassassin.apache.org/downloads.cgi?update=200706081100

The release file will also be available via CPAN in the near future.

md5sum of archive files:

  ad5d812b1a04228f3dc3147ebd649bb3  Mail-SpamAssassin-3.1.9.tar.bz2
  c0a6dc8564e60bf50d1792e4edc18e97  Mail-SpamAssassin-3.1.9.tar.gz
  a1ed25d0878d102c17a91233ee741f87  Mail-SpamAssassin-3.1.9.zip

sha1sum of archive files:

  bed85f0b7e269253e925831015f11809009080eb  Mail-SpamAssassin-3.1.9.tar.bz2
  181e0ca4e0568bb51e955b8b8e4595313fb7de8b  Mail-SpamAssassin-3.1.9.tar.gz
  c5f87a454ce4562558fd1af9ea71b7b858899f3e  Mail-SpamAssassin-3.1.9.zip

The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
    Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

3.1.9 is a major bug-fix release, including a potential local DoS. The major highlights are:

- bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS vulnerability. It only affects systems where spamd is run as root, is used with vpopmail or virtual users via the "-v"/"--vpopmail" OR "--virtual-config-dir" switch, AND with the "-x"/"--no-user-config" AND WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch. This is not default on any distro package, and is not a common configuration. More details of the vulnerability can be read at .

- bug 5353 - meta rule parsing should handle not equal ("!=") syntax.

- set the score for URI_TRUNCATED to 0.001.

- bug 5337: change the start order for Fedora such that spamd starts before the MTA.
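
One way to check a spamd command line against the conditions listed above for bug 5480, as an added example that is not part of the announcement or of SpamAssassin itself. The function names, the three verdict strings and the sample command lines are assumptions constructed here; bundled short options such as "-dvxl" are reported for manual review rather than expanded.

```python
import shlex

# Option spellings as given in the 3.1.9 announcement (bug 5480).
VIRTUAL = {"-v", "--vpopmail", "--virtual-config-dir"}
NO_USER_CONFIG = {"-x", "--no-user-config"}
USERNAME = {"-u", "--username"}
ALLOW_TELL = {"-l", "--allow-tell"}


def spamd_options(cmdline):
    """Return (options, bundled): option names found on a spamd command line,
    plus bundled short-option tokens (e.g. '-dvx') that are left unexpanded."""
    options, bundled = set(), []
    for tok in shlex.split(cmdline)[1:]:        # skip the program name
        if tok.startswith("--"):
            options.add(tok.split("=", 1)[0])   # '--username=x' -> '--username'
        elif tok.startswith("-") and len(tok) == 2:
            options.add(tok)
        elif tok.startswith("-") and len(tok) > 2:
            bundled.append(tok)                 # could hide -v, -x, -l or -u
    return options, bundled


def cve_2007_2873_exposure(cmdline, runs_as_root):
    """Classify one invocation: 'affected', 'not-affected' or 'review'."""
    if not runs_as_root:
        return "not-affected"                   # only root-run spamd is affected
    options, bundled = spamd_options(cmdline)
    if options & USERNAME:
        return "not-affected"                   # -u/--username is in use
    if bundled:
        return "review"                         # ambiguous token: check by hand
    needed = (VIRTUAL, NO_USER_CONFIG, ALLOW_TELL)
    return "affected" if all(options & group for group in needed) else "not-affected"


if __name__ == "__main__":
    # Constructed sample command lines, all assumed to run as root.
    samples = [
        "spamd -d -v -x -l",
        "spamd -d --virtual-config-dir=/var/vmail/%d/%l --no-user-config --allow-tell",
        "spamd -d -v -x -l -u spamd",
        "spamd -d -c -m 5",
        "spamd -dvxl",
    ]
    for line in samples:
        print(f"{cve_2007_2873_exposure(line, True):13} {line}")
```

A "review" verdict means the command line contains a token this check cannot interpret, so the individual switches in it need to be read by hand.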