This page provides a quick reference to all past security notices that affect SpamAssassin. It is currently a work in progress, but it is believed to be complete.
This reference also covers security notices for SpamAssassin versions older than 3.0.0. Those are pre-ASF releases and are included here for completeness. This document does not attempt to cover versions older than 2.40.
spamd remote code execution if -v AND -P options used
Versions affected: 2.50-3.0.5, 3.1.0-3.1.2
References:
[http://spamassassin.apache.org/advisories/cve-2006-2447.txt]
"many to: headers" DoS vuln
Versions affected: 3.0.4, possibly older versions.
References:
[http://secunia.com/advisories/17386/]
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351]
malformed message with long headers DoS
Versions affected: 3.0.1-3.0.3
References:
[http://secunia.com/advisories/15704/]
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266]
Unspecified malformed message DoS
Versions affected: 2.50-2.63
References:
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0796]
Arbitrary code execution if BSMTP used
Versions affected: 2.40-2.43
References:
[http://www.securityfocus.com/bid/6679]
[http://secunia.com/advisories/7951/]