On Thu, 10 Feb 2011, Adam Katz wrote:
I'm subscribed under a different address between these lists, so my cross-post to this list failed. Post attached.
The securityfocus page lists some Debian fixes. The Debian patch spamass-milter_0.3.1-8+lenny2.diff.gz changelog includes:
+spamass-milter (0.3.1-8+lenny1) stable-security; urgency=high + + * Use new popenenv function instead of open; fixes remote code exploit + as the spamass-milter user when run using -x. (closes: #573228) + + -- Don Armstrong <[email protected]> Wed, 17 Mar 2010 12:52:56 -0700 (from http://security.debian.org/pool/updates/main/s/spamass-milter/) also e.g. +spamass-milter (0.3.1-3) unstable; urgency=low + + * Use dirname instead of basename (closes: #391909) + * Add RUNAS option to change the user that spamass-milter runs as. -- Andrew Daviel, TRIUMF, Canada Tel. +1 (604) 222-7376 (Pacific Time) Network Security Manager _______________________________________________ Spamass-milt-list mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/spamass-milt-list
