2010年7月 9日

[installer 2430] bogofilter-1.2.2

bogofilter-1.2.2 出ています。

セキュリティホールの修正が含まれています。
http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2494
参照のこと。

☆ bogofilter-1.2.2

http://bogofilter.sourceforge.net/
http://sourceforge.net/projects/bogofilter/files/

なんか日付が間違っていますが…

1.2.2 2010-10-08 (released)

2010-07-05
* Use a better PRNG for random sleeps. That is arc4random() where
available, and drand48() elsewhere.

* Assorted fixes for issues found with clang analyzer:
+ Fix a potential NULL deference
+ Fix a potential division by zero
+ Remove dead assignments and increments

* Update Doxyfile and source contrib/bogogrep.c for docs, too.

2010-07-03

* Security bugfix, CVE-2010-2494:
Fix a heap corruption in base64 decoder on invalid input.
Analysis and patch by Julius Plenz <plenz@xxxxx>.
Please see doc/bogofilter-SA-2010-01 for details.

2010-04-07

* Updated sendmail milter contrib/bogofilter-milter.pl to v1.??????
(thanks to Jonathan Kamens)

2010-04-01

* Bump supported/minimum SQLite3 versions and warning threshold.
See doc/README.sqlite for details.

* Mark BerkeleyDB 4.8.26 and 5.0.21 supported.

Note that Berkeley DB 5.0's SQLite3 compatibility API is NOT
supported, it causes shifts in scores and write failures under
contention. Bogofilter can use Berkeley DB 5.0's native interface,
and using that is more efficient than the added SQL shim layer.

2010-03-06

* Make t.maint more robust; ignore .ENCODING token. To fix test
failures on, for instance, FreeBSD with unicode enabled.

2010-02-15

* Fix several compiler warnings "array subscript has type 'char'", by
casting the arguments to unsigned char.
A security audit was conducted and showed that all affected
functions either received the relevant input from the user running
bogofilter, or the input had already been pre-validated by the token
lexer.

2010-02-14

* Split error messages for ENOENT and EINVAL into new function.
* Avoid divison by zero in robx computation by checking if there are at
least one ham message and one spam message registered.

2009-08-13

* contrib/spamitarium.pl updated to version 0.4.0
(thanks to Tom Anderson)

2009-08-05

* Updated and integrated Ted Phelps's "Patch to prevent .ENCODING from
being discarded by bogoutil -m" (SourceForge Patch #1743984).
Thanks to Ted for debugging the issue and providing the patch (which
was for bogofilter v1.1.5).

2009-09-15
* Promoted to "stable"

----
こがよういちろう


投稿者 xml-rpc : 2010年7月 9日 12:39
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/96977
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。