You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

This page exists to provide quick reference to all past security notices that affect SpamAssassin. At this time this page is a work-in-progress, but it is belived to be a complete.

Please note that while this reference does cover security notices for versions of SpamAssassin older than 3.0.0, it should be noted these are pre-ASF releases. They are included here for completeness. Also note this document does not attempt to cover versions older than 2.40.

spamd remote code execution if -v AND -P options used

Versions affected: 2.50-3.0.5, 3.1.0-3.1.2 References:
[http://spamassassin.apache.org/advisories/cve-2006-2447.txt]

"many to: headers" DoS vuln

Versions affected: 3.0.4, possibly older versions.

References:
[http://secunia.com/advisories/17386/]
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351]

malformed message with long headers DoS

Versions affected: 3.0.1-3.0.3

References:
[http://secunia.com/advisories/15704/]
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266]

Unspecified malformed message DoS

Versions affected: 2.50-2.63

References:
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0796]

Arbitrary code execution if BSMTP used

Versions affected: 2.40-2.43

References:
[http://www.securityfocus.com/bid/6679]
[http://secunia.com/advisories/7951/]

  • No labels