-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------------- Debian Volatile Update Announcement VUA 26-1 http://volatile.debian.net [EMAIL PROTECTED] Felipe Augusto van de Wiel February 21th, 2007 and Martin Zobel-Helas - ---------------------------------------------------------------------------
Package : spamassassin Version : 3.1.4-0volatile2 Importance : high CVE IDs : CVE-2007-0451 A remotely exploitable vulnerability has been found in SpamAssassin, which could cause a denial of service when when handling messages containing overly long URLs. For sarge, an updated spamassassin package is available in sarge/volatile-sloppy as version 3.1.4-0volatile2. This advisory was sent out without builds for mips and mipsel architectures being available. They will be released as soon as they are available. Upgrade Instructions - -------------------- You can get the updated packages at http://volatile.debian.net/debian-volatile/pool/volatile/main/s/spamassassin/ and install them with dpkg, or add deb http://volatile.debian.net/debian-volatile sarge/volatile-sloppy main deb-src http://volatile.debian.net/debian-volatile sarge/volatile-sloppy main to your /etc/apt/sources.list. You can also use any of our mirrors. In addition, you need to pin spamassassin and/or spamc in /etc/apt/preferences (unless that has already happened before): Package: spamassassin Pin: release a=sarge-sloppy, version 3.1.4* Pin-Priority: 500 Package: spamc Pin: release a=sarge-sloppy, version 3.1.4* Pin-Priority: 500 Please see http://www.debian.org/devel/debian-volatile/volatile-mirrors for the full list of mirrors. The archive signing key can be downloaded from http://volatile.debian.net/ziyi-sarge.asc For further information about debian-volatile, please refer to http://volatile.debian.net/. If there are any issues, please don't hesitate to get in touch with the volatile team. - -- Felipe Augusto van de Wiel (faw) "Debian. Freedom to code. Code to freedom!" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF27SqCjAO0JDlykYRAnd0AJ9QF39GV0EHF6xk6YitJD296ILblwCdHn9A 2zwnHWdwk9pyZYcQJ4lb3qA= =QkfZ -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
