[SECURITY] [DLA 2037-1] spamassassin security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2037-1] spamassassin security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Mon, 16 Dec 2019 14:12:53 +0100
Message-id: <[🔎] be3fda62-f91e-3a3d-b22c-c62b2093f8d3@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : spamassassin
Version        : 3.4.2-0+deb8u2
CVE ID         : CVE-2018-11805 CVE-2019-12420
Debian Bug     : 946652 946653

Two vulnerabilities were discovered in spamassassin, a Perl-based spam
filter using text analysis.

CVE-2018-11805

    Malicious rule or configuration files, possibly downloaded from an
    updates server, could execute arbitrary commands under multiple
    scenarios.

CVE-2019-12420

    Specially crafted mulitpart messages can cause spamassassin to use
    excessive resources, resulting in a denial of service.

For Debian 8 "Jessie", these problems have been fixed in version
3.4.2-0+deb8u2.

We recommend that you upgrade your spamassassin packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl33gtIACgkQnUbEiOQ2
gwJGYxAA0T39Nu3IyQt2JBIxz2hxUI9RNiCd/r3o91ZALLqr/O6Hv0fqN/1s1rtR
T4hNZ+y33te3EJqDQFxBpBHHVQT3EBKpktOOJKbKwqI9mHb3Sr0VWLizZdxfDrrt
NO0ULeEyEOLSHosace9pkTn8CBCNsvyTqV28IX9IYKeZW8Z5sR2RrE9JUSpDKH0A
dfDBbay0VjU9a+cRfAVH2b/b3ZgysGhzAGWQsctsWwYnZWXk+A87ioWSI1P6Kkc7
OVQWxQuyrQQYJg6r3jqetJknodmsUKyN8VsfA8n3nJw+EAqKt4LJNhohMLTlsR9V
oZHn9lDLpfUCef2GQvQpC+0gsqZeMho+B2yDRLxHJa+e0N8/hmTjWfcL4RnJwleJ
CtroeR6jy345SJCUaL4K1irhuH/qQeM4kuo5xE4AIWruuco+1xjKC+Vu74FsH0Lc
Lflwcjnh1KWxCg9AWyE2AMPCW4LLMGjRhrQh9gXRw76FetzDuR1zmUkucIxZVBmc
3kis7wgNUCcBubRuVab8o83l771hh4qYMTCrzpi06XgJHmMoSuS6x9pCiXQp0OHh
HmJYqbpxoJQA2VhZ1K8hRHcspFeq+ghyVpn74RGuU4a8F9OoFpYdUtp/pK9CB6hG
q5VrK/aqcefcEDInjENwpbE2Qjs5t5ZMV0J1UBKuzPd2TGXS4ZY=
=rs41
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2036-1] thunderbird security update
Next by Date: [SECURITY] [DLA 2038-1] libssh security update
Previous by thread: [SECURITY] [DLA 2036-1] thunderbird security update
Next by thread: [SECURITY] [DLA 2038-1] libssh security update
Index(es):
- Date
- Thread