Apache SpamAssassin 3.2.1 and 3.1.9 released!
June 13th, 2007
We released new versions of SpamAssassin for both the 3.1 and 3.2 branches on Monday. 3.1.9 pretty much just includes the fix for CVE-2007-2873 (which only affects people who using the spamd –allow-tell or -l option) while 3.2.1 has a few additional fixes. Specifically 3.2.1 fixes a bug that caused the included URIBL.com (who are still under a severe DDoS attack, BTW) tests from working along with a handful of things that affect various non-default setups. Some more fixes (for problems most people will never see) to the spamd pre-forking server are also included.
Unfortunately you can’t successfully run make test as root in 3.2.1 due to the fix for bug 5480. This makes installing SA 3.2.1 via CPAN, um, difficult. I never noticed this since I always build from source as a non-root user. I don’t think any vendors, like RedHat, noticed it either since they probably all do the same thing.
If you normally install SA via CPAN, my advice would be to stick with 3.2.0 for now, avoid doing anything that triggers the local symlink vulnerability described in CVE-2007-2873 and just run sa-update to get most of the rule fixes included in 3.2.1. I expect that there will be a 3.2.2 release in a month or so.
Entry Filed under: Email, Technology
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Subscribe to the comments via RSS Feed