Subject: Re: Insecure dependency in eval
To: Martti Kuparinen <martti.kuparinen@iki.fi>
From: Roland Illig <rillig@NetBSD.org>
List: tech-pkg
Date: 11/22/2005 14:07:51
Roland Illig wrote:
> Roland Illig wrote:
>
>> Martti Kuparinen wrote:
>>
>>> Any ideas what this is?
>>>
>>> Unusual System Events
>>> =-=-=-=-=-=-=-=-=-=-=
>>> Nov 22 04:26:36 p130 spamd[23228]: spamd: Insecure dependency in eval
>>> while running setuid at
>>> /usr/pkg/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/Conf/Parser.pm
>>> line 913.
>>
>> The code there looks quite ugly, but _seems_ secure to me (I'll
>> continue trying). It tries to distinguish a "safe" regular expression
>> from a non-safe, while not adhering to the coding guidelines for
>> Perl's tainted mode at all.
>>
>> You should report this as an upstream bug.
>
> I have just committed a fix (it's patch-ar) and bumped the PKGREVISION.
> Please update.
Please DON'T update. The is_regexp_valid() function contains a vulnerability. I'm
going to prepare a good patch and put that up here for discussion.
Roland
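
As an added illustration of the mechanism behind the log line above (this is
not the SpamAssassin code at Parser.pm line 913, which is not reproduced in
this thread, and the function names are chosen for the example only): Perl
turns taint checking on when started with -T or when it finds itself running
set*id, and a string eval fed with externally supplied data then croaks with
"Insecure dependency in eval". The script contrasts that shape with the
taint-clean way of testing whether a candidate pattern compiles, plus the
perlsec allow-list idiom for untainting a value that must later reach a
taint-checked operation.

```perl
#!/usr/bin/perl -T
# Added illustration, not SpamAssassin's Parser.pm: why a string eval on
# externally supplied data trips Perl's taint check, and how to test
# whether a candidate pattern compiles without one. Function names are
# chosen for this example only.
use strict;
use warnings;

# Unsafe shape: the pattern text is spliced into Perl source and compiled
# with a string eval. Because the text came from outside (tainted), Perl
# refuses with "Insecure dependency in eval while running with -T switch"
# (or "... while running setuid" when taint mode was enabled by set*id).
# The croak is raised before the eval's own frame exists, so this eval does
# not catch it. Even untainted, the construction is wrong: pattern text
# that closes the qr{} delimiter is executed as Perl code.
sub is_regexp_valid_stringeval {
    my ($re) = @_;
    my $ok = eval "qr{$re}; 1";
    return $ok ? 1 : 0;
}

# Taint-clean shape: compile with qr// inside a block eval. eval BLOCK is
# not taint-checked, the text is parsed only as a pattern, never as Perl,
# and a (?{ ... }) code block arriving via interpolation is refused at
# run time unless the program opted in with "use re 'eval'". Any compile
# failure (unbalanced parens, bad quantifier, code block) lands in $@.
sub is_regexp_valid {
    my ($re) = @_;
    return 0 unless defined $re && length $re;
    local $@;
    my $ok = eval { my $qr = qr/$re/; 1 };
    return $ok ? 1 : 0;
}

# If a vetted value must later reach something that IS taint-checked
# (system, open for writing, string eval), the perlsec idiom is to pass it
# through an allow-list capture: $1 comes out untainted. This only clears
# the flag; it does not make a string eval safe, so the allow-list stays
# narrow and the length is capped.
sub untaint_simple_pattern {
    my ($re) = @_;
    return undef unless defined $re;
    return $1 if $re =~ /\A([\w\s.*+?|()\[\]^\$-]{1,256})\z/;
    return undef;
}

die "usage: perl -T $0 PATTERN\n" unless @ARGV;
my $candidate = $ARGV[0];   # tainted: came from the command line

printf "qr-based check:    %s\n",
    is_regexp_valid($candidate) ? "compiles" : "does not compile";
printf "untainted copy:    %s\n",
    defined untaint_simple_pattern($candidate) ? "yes" : "no (rejected by allow-list)";

# The string-eval variant croaks under taint mode; catch it here so the
# script reports the message instead of dying.
my $ok = eval { is_regexp_valid_stringeval($candidate) };
if (defined $ok) {
    printf "string-eval check: %s\n", $ok ? "compiles" : "does not compile";
} else {
    print "string-eval check: died: $@";
}
```

Run it as `perl -T example.pl '^[a-z]+$'` (the -T on the command line must
match the shebang, otherwise Perl stops with "Too late for -T"). A
well-formed pattern compiles through the qr-based check while the
string-eval check dies with the same "Insecure dependency in eval" message
seen in the spamd log; an unbalanced `(` or a `(?{ ... })` code block is
reported as not compiling by the qr-based check without anything being
executed.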