[SECURITY] [DLA 2615-1] spamassassin security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2615-1] spamassassin security update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Fri, 2 Apr 2021 02:58:48 +0530
Message-id: <[🔎] CAPP0f97rQLSv7KV=cthiDqxtur3d5eH_LnjtmQME0sJJqSMGFw@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2615-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
April 02, 2021                              https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : spamassassin
Version        : 3.4.2-1~deb9u4
CVE ID         : CVE-2020-1946
Debian Bug     : 985962

Damian Lukowski discovered a flaw in spamassassin, a Perl-based spam
filter using text analysis. Malicious rule configuration files,
possibly downloaded from an updates server, could execute arbitrary
commands under multiple scenarios.

For Debian 9 stretch, this problem has been fixed in version
3.4.2-1~deb9u4.

We recommend that you upgrade your spamassassin packages.

For the detailed security status of spamassassin please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/spamassassin

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmBmOW0ACgkQgj6WdgbD
S5ZKnA//SRt7ksSSXKVY1RKWsUpjqnIDOQI7XNoPAtzciQsMrr3Zt85QjKJHA455
qGZFil/lWN6kqu2bwQX2kYxC9ez21uTD5wvsV+4wHNKQjPJwdvqKAV2pwM7g9J6E
RvwSCEIvw//SneXt8Hx3knzZWpH1cSSaZ6R62VW/Qa8PaRN9h669Rdje8gWrEraf
1daxagLTeV/VVu07H7sLQ0+g2xM94+2wOc4G2JMGOaq3qbk+cbdwF6GNrOedeNxy
iLNdXRnZQXzaSog3ySpqb2ejJ45eaMNCP+manGBaJEfIa08JbqUbqOF/HGcZ3NPt
mLido2oKq4zFcAyLp1LPBiGuJSK+yXIGgiexGOcWAspIgXct1J5kUHWNOBhRs0DF
8xWhXtrSVQL1N6jXD59TC162unAezqTnxCbpI3rtdayZcc3PghK64MqWPU8r2lGs
xBLjRqWab6NXkaQoQHivwqqNYygsr5WcU5r8thvN6WXBCtqwZhJQntEbwEVWYxva
V+U9vOgHc0vw/eTjxwywCDtNpkTY3hg046SY84XE7MjICiM1wRI4ITUxP5VKlIt7
9XWUQLro8Id0WIQ6CDiNiOSduDI2vZ08uwLdcrz/GfHXVmP/bSFhp9x3cjHvZ5+r
xZy6bCbFD7QWcR24FoGXHIxwoB60xK9iX/LSwM+6JUIZFY1SNMQ=
=CyzC
-----END PGP SIGNATURE-----

Reply to:

Next by Date: [SECURITY] [DLA 2614-1] busybox security update
Next by thread: [SECURITY] [DLA 2614-1] busybox security update
Index(es):
- Date
- Thread