CVE reference: CVE-2007-0451

Description: This is a heads-up on a denial-of-service vulnerability in Apache SpamAssassin, affecting versions 3.1.0 upwards. Versions before 3.1.0 are not affected. It has been assigned CVE-2007-0451, or bug 5318 in the SpamAssassin bugzilla.

The vulnerability is caused by overly long URLs found in malformed HTML in a scanned mail message. Processing of this message takes a long time and causes massive memory usage, which could cause a Denial of Service due to memory exhaustion or increased swapping, depending on the setup of the scanning machine and its resilience to OOM conditions.

Fix: Fixed packages have been released as version 3.1.8.

Further info: mail

Announced: Feb 13 2007
Corrected: Feb 13 2007
Affects: all versions before the correction date, after and including 3.1.0
Credit: discovery of this vulnerability credited to Steve Halligan.
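An added example, not part of the original advisory or of SpamAssassin itself: a triage script that applies the version range stated above (affected from 3.1.0, fixed in 3.1.8) to a list of scanning hosts. The inventory format, the hostnames and the sample version strings are constructed for illustration.

```python
import re

# Bounds as stated in the advisory: 3.1.0 is the first affected release,
# 3.1.8 is the fixed release.
FIRST_AFFECTED = (3, 1, 0)
FIXED_IN = (3, 1, 8)

# Leading dotted number only. Anything after it (for example a package
# revision such as "-2") is ignored, so a rebuilt package that carries a
# backported fix still reports "affected" and needs a manual vendor check.
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def classify(version_string):
    """Map one version string to not-affected / affected / fixed / unknown."""
    match = _VERSION.match(version_string.strip())
    if not match:
        return "unknown"
    # Compare as integer tuples: as strings, "3.1.10" would sort before "3.1.8".
    version = tuple(int(part or 0) for part in match.groups())
    if version < FIRST_AFFECTED:
        return "not-affected"
    if version < FIXED_IN:
        return "affected"
    return "fixed"


def triage(inventory_text):
    """Group hosts by status from lines of the form '<host> <version>'."""
    report = {"not-affected": [], "affected": [], "fixed": [], "unknown": []}
    for line in inventory_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        version = fields[1] if len(fields) > 1 else ""
        report[classify(version)].append(fields[0])
    return report


# Constructed inventory; hostnames, layout and versions are invented samples.
SAMPLE_INVENTORY = """\
# host        spamassassin version
mx1.example   3.0.6
mx2.example   3.1.0
mx3.example   3.1.7-2
mx4.example   3.1.8
mx5.example   3.1.10
mx6.example   unknown-build
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:13} {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed safe.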