Summary
A heap-based buffer overflow was discovered in bogofilter, a software package for classifying mail messages as spam or non-spam. Crafted mail messages with invalid base64 data could lead to heap corruption and, potentially, arbitrary code execution.
Solution
For the stable distribution (squeeze), this problem has been fixed in version 1.2.2-2+squeeze1.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 1.2.2+dfsg1-2.
We recommend that you upgrade your bogofilter packages.
Insight
This package implements a fast Bayesian spam filter along the lines suggested by Paul Graham in his article 'A Plan For Spam'.
Affected
bogofilter on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
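A sketch of the comparison such a version check performs, as an added example (not the scanner's or Debian's own code). It reimplements dpkg's version ordering and uses the fixed versions from the Solution section; the function names and the sample installed versions are assumptions constructed for illustration.

```python
import re

# Fixed versions per release, taken from the Solution section of this advisory.
FIXED = {
    "squeeze": "1.2.2-2+squeeze1",
    "wheezy": "1.2.2+dfsg1-2",
    "sid": "1.2.2+dfsg1-2",
}

def _order(ch):
    """dpkg character weight: '~' sorts first, letters before other symbols."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare one upstream-version or revision string the way dpkg does."""
    pa = re.findall(r"(\D*)(\d*)", a)   # alternating (non-digit, digit) runs
    pb = re.findall(r"(\D*)(\d*)", b)
    for k in range(max(len(pa), len(pb))):
        sa, da = pa[k] if k < len(pa) else ("", "")
        sb, db = pb[k] if k < len(pb) else ("", "")
        for i in range(max(len(sa), len(sb))):
            x = _order(sa[i]) if i < len(sa) else 0   # end of run weighs 0
            y = _order(sb[i]) if i < len(sb) else 0
            if x != y:
                return -1 if x < y else 1
        na, nb = int(da or 0), int(db or 0)           # digit runs compare numerically
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision]; a missing revision counts as 0."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return int(epoch), upstream, rev

def compare_versions(a, b):
    """Return -1, 0 or 1 as a sorts before, equal to, or after b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_vulnerable(installed, release):
    """True when the installed bogofilter predates the fix for that release."""
    return compare_versions(installed, FIXED[release]) < 0
```

The squeeze fix `1.2.2-2+squeeze1` sorts before the wheezy/sid fix `1.2.2+dfsg1-2`, so the installed version must be compared against the threshold for the host's own release; a single global threshold would flag patched squeeze systems as vulnerable.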
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2012-5468
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P