blob: deb745c498888404347059dee29b276fe0aee906 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200408-06">
<title>SpamAssassin: Denial of Service vulnerability</title>
SpamAssassin is vulnerable to a Denial of Service attack when handling
certain malformed messages.
<product type="ebuild">SpamAssassin</product>
<announced>August 09, 2004</announced>
<revised>May 22, 2006: 02</revised>
<package name="mail-filter/spamassassin" auto="yes" arch="*">
<unaffected range="ge">2.64</unaffected>
<vulnerable range="le">2.63-r1</vulnerable>
SpamAssassin is an extensible email filter which is used to identify
SpamAssassin contains an unspecified Denial of Service vulnerability.
<impact type="normal">
By sending a specially crafted message an attacker could cause a Denial
of Service attack against the SpamAssassin service.
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of SpamAssassin.
All SpamAssassin users should upgrade to the latest version:
# emerge sync
# emerge -pv &quot;&gt;=mail-filter/spamassassin-2.64&quot;
# emerge &quot;&gt;=mail-filter/spamassassin-2.64&quot;</code>
<uri link=";m=109168121628767&amp;w=2">SpamAssassin Release Announcement</uri>
<uri link="">CVE-2004-0796</uri>
<metadata tag="requester" timestamp="Thu, 5 Aug 2004 09:14:09 +0000">
<metadata tag="submitter" timestamp="Thu, 5 Aug 2004 11:01:34 +0000">