On Thu, 10 Feb 2011, David B Funk wrote:
On Fri, 11 Feb 2011, Jason Haar wrote:
On 02/11/2011 09:37 AM, Mark Martinec wrote:
Yes, the security hole is entirely within the milter,
independent of the MTA.
That exploit is dated Mar 2010? Has this really not been fixed in about
a year???
"a year"??, try half-a-decade. I've got a copy of that code from March
2006 and the vulnerability is there. Rather stale project. ;)
heh.
I suppose we ought to compose a boilerplate response for the inevitable
visitors who will show up asking about this "exploit in SpamAssassin"...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Any time law enforcement becomes a revenue center, the system
becomes corrupt.
-----------------------------------------------------------------------
2 days until Abraham Lincoln's and Charles Darwin's 202nd Birthdays
