http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2945 Proposed patch: http://seclists.org/lists/fulldisclosure/2005/Sep/0540.html BTW, Debian ships version 5.21l which according to the changelog also contains some buffer overflow fixes.
I'll release 5.21l this week-end. Then probably declare arc orphaned. I have little confidence in arc's code. It's old and licensing problems kept it frozen for a long time. Since amavisd can use nomarch instead I have no need for arc anymore. Unless people are actively fixing arc now it's GPL and work on nomarch stopped. Didin't look at both projects lately.
ping
Should be building. Didn't check if it actually works after the build, the number of warnings is still sky-high Orphaning this pile of old code now, even the latest and greatest needed a build patch :(. Seems even freebsd does not care anymore.