security update: spamassassin 3.17 to 3.18
Michael Scheidell
scheidell at secnap.net
Thu Feb 15 02:42:48 UTC 2007
>Submitter-Id: current-users
>Originator: Michael Scheidell
>Organization: SECNAP Network Security
>Confidential: no
>Synopsis: security update: spamassassin 3.17 to 3.18
>Severity: serious
>Priority: medium
>Category: ports
>Class: update
>Release: FreeBSD 5.5-RELEASE-p8 i386
>Environment:
System: FreeBSD scanner.secnap.net 5.5-RELEASE-p8 FreeBSD 5.5-RELEASE-p8 #2: Fri Dec 29 22:23:34 EST 2006 scheidell at scanner.secnap.net:/usr/obj/usr/src/sys/HACKERTRAP_750 i386
FBSD 4,5, etc.
Private note to maintainer: if no one wants to maintain this port, I
would be willing to do it officially. I think you will see many of the
past updates were submitted by me anyway.
>Description:
3.1.8 is a major bug-fix release, including a potential DoS. The major
highlights are:
- bug 5318: fix for CVE-2007-0451: possible DoS due to incredibly
long URIs found in the message content.
- bug 5240: disable perl module usage in update channels unless
--allowplugins is specified
- bug 5288: files with names starting/ending in whitespace weren't
usable
- bug 5056: remove Text::Wrap related code due to upstream issues
- bug 5145: update spamassassin and sa-learn to better deal with STDIN
- bug 5140 and 5179: improvements and bug fixes related to DomainKeys
and DKIM support
- several updates for Received header parsing
- several documentation updates and random taint-variable related issues
A more detailed change log can be read here:
http://svn.apache.org/repos/asf/spamassassin/branches/3.1/Changes
>How-To-Repeat:
NA
>Fix:
patches to upgade Sa 3.1.7 to 3.1.8
Note: many patches in files/* removed due to being incorporated in
SA source. these files should be removed from files/*
patch-spamassassin.raw
patch-sa-learn.raw
patch-lib-Mail-SpamAssassin-SpamdForkScaling.pm
here are patches:
diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig p5-Mail-SpamAssassin
diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig/Makefile
p5-Mail-SpamAssassin/Makefile
--- /var/tmp/p5-Mail-SpamAssassin.orig/Makefile Mon Dec 25 11:52:04 2006
+++ p5-Mail-SpamAssassin/Makefile Wed Feb 14 20:39:25 2007
@@ -6,8 +6,7 @@
#
PORTNAME= Mail-SpamAssassin
-PORTVERSION= 3.1.7
-PORTREVISION= 3
+PORTVERSION= 3.1.8
CATEGORIES= mail perl5
MASTER_SITES= ${MASTER_SITE_APACHE:S/$/:apache/}
${MASTER_SITE_PERL_CPAN:S/$/:cpan/}
MASTER_SITE_SUBDIR= spamassassin/source/:apache Mail/:cpan
diff -bBru /var/tmp/p5-Mail-SpamAssassin.orig/distinfo
p5-Mail-SpamAssassin/distinfo
--- /var/tmp/p5-Mail-SpamAssassin.orig/distinfo Mon Oct 30 21:10:14 2006
+++ p5-Mail-SpamAssassin/distinfo Wed Feb 14 20:41:12 2007
@@ -1,3 +1,3 @@
-MD5 (Mail-SpamAssassin-3.1.7.tar.gz) = 4b342c63949d47f3ce56b3fc1c8881c1
-SHA256 (Mail-SpamAssassin-3.1.7.tar.gz) =
be6fd341fb35ba5efb2784318e9772bde65b7115eed18ab8dcd791a471fcef39
-SIZE (Mail-SpamAssassin-3.1.7.tar.gz) = 1168183
+MD5 (Mail-SpamAssassin-3.1.8.tar.gz) = 20a3a6b651a89dcc70634715ca833996
+#SHA256 (Mail-SpamAssassin-3.1.8.tar.gz) =
be6fd341fb35ba5efb2784318e9772bde65b7115eed18ab8dcd791a471fcef39
+#SIZE (Mail-SpamAssassin-3.1.8.tar.gz) = 1168183
More information about the freebsd-perl
mailing list