diff options
| author | ghen <ghen@pkgsrc.org> | 2007-06-13 08:05:04 +0000 |
|---|---|---|
| committer | ghen <ghen@pkgsrc.org> | 2007-06-13 08:05:04 +0000 |
| commit | 67f6ef0cdbce5591f0ad11b32a16c66d78bfaf7f (patch) | |
| tree | 5f74a345890964f759f9c2d31c2fb72902736497 | |
| parent | ed11564d32a5604338817c1d12fe6156129cb16e (diff) | |
| download | pkgsrc-67f6ef0cdbce5591f0ad11b32a16c66d78bfaf7f.tar.gz | |
Pullup ticket 2111 - requested by heinz
security update for spamassassin
- pkgsrc/mail/spamassassin/Makefile patch
- pkgsrc/mail/spamassassin/distinfo patch
Update to SpamAssassin 3.1.9 to fix a denial of service vulnerability. The
package has been updated to SpamAssassin 3.2.1 on pkgsrc-HEAD but this major
new version will not be pulled up to the stable branch.
Changes in Spamassassin 3.1.9:
- bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS
vulnerability. It only affects systems where spamd is run as root, is used
with vpopmail or virtual users via the "-v"/"--vpopmail" OR
"--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND
WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell"
switch. This is not default on any distro package, and is not a common
configuration. More details of the vulnerability can be read at
<http://spamassassin.apache.org/advisories/cve-2007-2873.txt>.
- bug 5353 - meta rule parsing should handle not equal ("!=") syntax.
- set the score for URI_TRUNCATED to 0.001.
- bug 5337: change the start order for Fedora such that spamd starts before
the MTA.
| -rw-r--r-- | mail/spamassassin/Makefile | 6 | ||||
| -rw-r--r-- | mail/spamassassin/distinfo | 8 |
2 files changed, 7 insertions, 7 deletions
diff --git a/mail/spamassassin/Makefile b/mail/spamassassin/Makefile index 09b99276ea1..e4d7ef2f4ad 100644 --- a/mail/spamassassin/Makefile +++ b/mail/spamassassin/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.79 2007/02/15 21:43:43 heinz Exp $ +# $NetBSD: Makefile,v 1.79.2.1 2007/06/13 08:05:04 ghen Exp $ -DISTNAME= Mail-SpamAssassin-3.1.8 -PKGNAME= spamassassin-3.1.8 +DISTNAME= Mail-SpamAssassin-3.1.9 +PKGNAME= spamassassin-3.1.9 SVR4_PKGNAME= sa CATEGORIES= mail perl5 MASTER_SITES= ${MASTER_SITE_APACHE:=spamassassin/source/} diff --git a/mail/spamassassin/distinfo b/mail/spamassassin/distinfo index ca2a45bad97..ba9e40e5bbd 100644 --- a/mail/spamassassin/distinfo +++ b/mail/spamassassin/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.43 2007/02/15 21:43:43 heinz Exp $ +$NetBSD: distinfo,v 1.43.2.1 2007/06/13 08:05:04 ghen Exp $ -SHA1 (Mail-SpamAssassin-3.1.8.tar.gz) = 08f81f72d8a783887cf815dfc55ea38e3582b966 -RMD160 (Mail-SpamAssassin-3.1.8.tar.gz) = 9e1af7219e3d6c1297181748b85853b812d2cdc4 -Size (Mail-SpamAssassin-3.1.8.tar.gz) = 1173847 bytes +SHA1 (Mail-SpamAssassin-3.1.9.tar.gz) = 181e0ca4e0568bb51e955b8b8e4595313fb7de8b +RMD160 (Mail-SpamAssassin-3.1.9.tar.gz) = a955d6dd67e3fb35808f375d1c60c733c665bdfe +Size (Mail-SpamAssassin-3.1.9.tar.gz) = 1174156 bytes SHA1 (patch-ab) = df95d87a2f2e7af238c27c3d5468d9aad7eb000d SHA1 (patch-ae) = 1461b24978c75c394c607ae1d49cb49dd086b563 SHA1 (patch-aq) = 495a3ac94a05129520e5d7018fdd56b6dad3c951 |