On 2/10/2011 1:29 PM, John Hardin wrote:
On Thu, 10 Feb 2011, David B Funk wrote:
On Fri, 11 Feb 2011, Jason Haar wrote:
On 02/11/2011 09:37 AM, Mark Martinec wrote:
Yes, the security hole is entirely within the milter,
independent of the MTA.
That exploit is dated Mar 2010? Has this really not been fixed in about
a year???
"a year"??, try half-a-decade. I've got a copy of that code from March
2006 and the vulnerability is there. Rather stale project. ;)
heh.
I suppose we ought to compose a boilerplate response for the inevitable
visitors who will show up asking about this "exploit in SpamAssassin"...
Perhaps more than boilerplate, but rather an official advisory to clear
up the confusion? Given that upstream of that milter is dead, nobody
else will make an official advisory?
Warren
