[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2107-1] spamassassin security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : spamassassin
Version        : 3.4.2-0+deb8u3
CVE ID         : CVE-2020-1930 CVE-2020-1931
Debian Bug     : 950258

Two vulnerabilities were discovered in spamassassin, a Perl-based spam
filter using text analysis. Malicious rule or configuration files,
possibly downloaded from an updates server, could execute arbitrary
commands under multiple scenarios.

For Debian 8 "Jessie", these problems have been fixed in version
3.4.2-0+deb8u3.

We recommend that you upgrade your spamassassin packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl5L3psACgkQnUbEiOQ2
gwJ7RQ//R5YJn7oGBYS6R8WK+5xBrdaGLLqLufv0lKGmE5verJrf/OgMBLZSO/bQ
hjjPjHJdJI3Bycbj9iwuGezAqzTpxNxLt8+GXst90j0oBAot+JBEG8omBkByYTxn
Dgrsb3ATZSIcwt3shh8jF/HJxthX322MGb2h5jYgGPGHXKOjCwFjtZ5dd6DQODd7
AyS0AVSiOylo8DQRrPDkZcbcPURbhrH9cMFQ1FbWYLiKhI0oIfQvYZGiIIbp/ka/
+cQyUiP5kMPiZ+GanguRbgR7kzSFFYz7p5z3rYjdr4kKqWdgq6Nnq86xGp4fa/Yg
UZQFDjNeNMRGpI+Hua3oEZW3M9hL8uzfAvpbC5g5hFWE/eKp7hqHTnvofsAqd7II
CBiDZa9EOe3h/qJNPwCqEooomv1EwmeNE6SWrlV6tm/EEoVDXrpnN11j5kfGE2sJ
ebz/ADc9zzNuK1ENAllxZ5BQOUgWR8CSmPLTNoJsOsrdxslev/jmEWXJe3oZ33A9
gLu0W4uWclguyU1lnLbb0ec3iG/VglliuPaUgqOqRaSl+/EaHbSsziE140XQ6GGX
dVndukOIJ75oNo1jFu69UqXyU+uqztb6LG1qF3+iOa3XOnbAb3TXK1c9RwbE5ckP
KaEIUmjPfeS6PkDMzM7f4NIl6dYm+p0nlkkOxyyhVKJz4qmuors=
=CspL
-----END PGP SIGNATURE-----


Reply to: