-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                   AMaViS Security Announcement

Date:                   2004-08-04
affected version(s):    amavis-0.2.1 (if ripMIME is used)
Vulnerability:		ripMIME attachment extraction bypass	
Priority:               urgent
Solution:               update to latest version of ripMIME
			upgrade to amavis 0.3.x, amavisd 0.1,
			amavisd-new, amavis-ng 
References: 
Author:                 Rainer Link <rainer@openantivirus.org>
Advisory ID:            ASA-2004-5
Contact:                security@amavis.org
WWW:			http://www.amavis.org/security/

- -----------------------------------------------------------------------------

1. Problem description
ripMIME fails to decode some MIME data correctly if it contains
invalid characters like newlines.

2. Impact
Bypass of malicious code

3. Solution
We strongly encourage you to upgrade to amavis 0.3.x, amavisd 0.1,
amavisd-new or amavis-ng.

This issue is fixed in ripMIME 1.3.2.3. Keep in mind the security
maintenance of AMaViS 0.1.x / 0.2.x has been discontinued on August,
1st 2004. But as this security issue was reported on July, 30th we
decided to release this AMaViS Security Advisory, though.  


4. Acknowledgement
Paul L. Daniels 

5. References
http://marc.theaimsgroup.com/?l=secunia-sec-adv&m=109154279312471&w=2
http://www.pldaniels.com/ripmime/CHANGELOG


6. Revision History
2004-08-04: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBES3umxoFTBO0QHkRAhGPAJ902GcAhFCak4+Z1ZPH4zm2TPtV/QCfanyt
PFg2aCvNuZoWyBUkYxiRL2M=
=SL47
-----END PGP SIGNATURE-----