bogofilter-SA-2005-01

Topic:		vulnerability in bogofilter/bogolexer

Announcement:	bogofilter-SA-2005-01
Writer:		Matthias Andree
Version:	XXX
CVE id:		XXX
Announced:	XXX
Category:	vulnerability
Type:		segmentation fault through malformed input
Impact:		denial of service, code injection
Credits:	David Relson
Danger:		medium
URL:		http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01

Affected:	bogofilter (stable)  0.96.2 and older

Not affected:	bogofilter 0.96.3 and newer

Introduced:	XXX
		XXX

Corrected:	2005-10-XXX         committed corrected version
		2005-10-XXX         bogofilter 0.96.3 released as current

References:	

0. Release history
==================

2005-10-26	0.01 initial draft for internal review

1. Background
=============

Bogofilter is a software package to classify a mail as spam or
non-spam.  It uses a data base to store words and must be trained
which mail are spam and non-spam. It uses the probabilities of
individual words for classifying the message.

2. Problem description
======================

3. Impact
=========

4. Workaround
=============

No reasonable workaround is known at this time.

5. Solution
===========

Upgrade your bogofilter to version 0.96.3 (or a newer release).

bogofilter 0.96.3 is available from sourceforge:

https://sourceforge.net/project/showfiles.php?group_id=62265&release_id=118794

Note that a broken-out bugfix patch is not available at this time,
users and distributors are advised to the most current release, which is
a candidate to be released as 1.0.

A. Copyright, License and Warranty
==================================

(C) Copyright 2005 by Matthias Andree, <matthias.andree@gmx.de>.
Some rights reserved.

This work is licensed under the Creative Commons
Attribution-NonCommercial-NoDerivs German License. To view a copy of
this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/
or send a letter to Creative Commons; 559 Nathan Abbott Way;
Stanford, California 94305; USA.

THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
Use the information herein at your own risk.


END of bogofilter-SA-2005-01
