Apache SpamAssassin 3.0.6 is now available! This is a maintainance
release of the 3.0.x branch.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200606050750
The release file will also be available via CPAN in the near future.
md5sum of archive files:
423eb193db9f7757c6d957f5c04550cb Mail-SpamAssassin-3.0.6.tar.bz2
bf0a1e1a7f6e5dd719deda6293b83e35 Mail-SpamAssassin-3.0.6.tar.gz
72c012d51f8507c2839a34f900c80412 Mail-SpamAssassin-3.0.6.zip
sha1sum of archive files:
10d42d954c421f40fbbd9411a5ff096e29240c6f Mail-SpamAssassin-3.0.6.tar.bz2
78358df8ea26513a8fbe466f484d19e487e5438f Mail-SpamAssassin-3.0.6.tar.gz
17031fd2c9b54846d4e41d7ea3945639659fd91e Mail-SpamAssassin-3.0.6.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.0.6 fixes a remote code execution vulnerability if spamd is run with the
"--vpopmail" and "-P" options. If either/both of those options are not
used, there is no vulnerability.
Changelog:
- bug 4926: given a certain set of parameters to spamd and a specially
formatted input message, users could cause spamd to execute arbitrary
commands as the spamd user
release of the 3.0.x branch.
Downloads are available from:
http://spamassassin.apache.org/downloads.cgi?update=200606050750
The release file will also be available via CPAN in the near future.
md5sum of archive files:
423eb193db9f7757c6d957f5c04550cb Mail-SpamAssassin-3.0.6.tar.bz2
bf0a1e1a7f6e5dd719deda6293b83e35 Mail-SpamAssassin-3.0.6.tar.gz
72c012d51f8507c2839a34f900c80412 Mail-SpamAssassin-3.0.6.zip
sha1sum of archive files:
10d42d954c421f40fbbd9411a5ff096e29240c6f Mail-SpamAssassin-3.0.6.tar.bz2
78358df8ea26513a8fbe466f484d19e487e5438f Mail-SpamAssassin-3.0.6.tar.gz
17031fd2c9b54846d4e41d7ea3945639659fd91e Mail-SpamAssassin-3.0.6.zip
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY
The key information is:
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
3.0.6 fixes a remote code execution vulnerability if spamd is run with the
"--vpopmail" and "-P" options. If either/both of those options are not
used, there is no vulnerability.
Changelog:
- bug 4926: given a certain set of parameters to spamd and a specially
formatted input message, users could cause spamd to execute arbitrary
commands as the spamd user