3
Topic: vulnerability in bogofilter/bogolexer
5
Announcement: bogofilter-SA-2005-01
6
Writer: Matthias Andree
10
Category: vulnerability
11
Type: segmentation fault through malformed input
12
Impact: denial of service, code injection
15
URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01
17
Affected: bogofilter (stable) 0.96.2 and older
19
Not affected: bogofilter 0.96.3 and newer
24
Corrected: 2005-10-XXX committed corrected version
25
2005-10-XXX bogofilter 0.96.3 released as current
32
2005-10-26 0.01 initial draft for internal review
37
Bogofilter is a software package to classify a mail as spam or
38
non-spam. It uses a data base to store words and must be trained
39
which mail are spam and non-spam. It uses the probabilities of
40
individual words for classifying the message.
42
2. Problem description
43
======================
51
No reasonable workaround is known at this time.
56
Upgrade your bogofilter to version 0.96.3 (or a newer release).
58
bogofilter 0.96.3 is available from sourceforge:
60
https://sourceforge.net/project/showfiles.php?group_id=62265&release_id=118794
62
Note that a broken-out bugfix patch is not available at this time,
63
users and distributors are advised to the most current release, which is
64
a candidate to be released as 1.0.
66
A. Copyright, License and Warranty
67
==================================
69
(C) Copyright 2005 by Matthias Andree, <matthias.andree@gmx.de>.
72
This work is licensed under the Creative Commons
73
Attribution-NonCommercial-NoDerivs German License. To view a copy of
74
this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/
75
or send a letter to Creative Commons; 559 Nathan Abbott Way;
76
Stanford, California 94305; USA.
78
THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
79
Use the information herein at your own risk.
82
END of bogofilter-SA-2005-01