Accepted spamassassin 3.4.2-0+deb8u1 (source all amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 30 Oct 2018 13:28:29 -0400
Source: spamassassin
Binary: spamassassin spamc sa-compile
Architecture: source all amd64
Version: 3.4.2-0+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Noah Meyerhans <noahm@debian.org>
Changed-By: Antoine Beaupré <anarcat@debian.org>
Description:
sa-compile - Tools for compiling SpamAssassin rules into C
spamassassin - Perl-based spam filter using text analysis
spamc - Client for SpamAssassin spam filtering daemon
Closes: 784023 865924 883775 889501 891041 908969 908970 908971 913571
Changes:
spamassassin (3.4.2-0+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* New upstream version to fix several security issues and critical bugs:
- CVE-2017-15705: Denial of service issue in which certain unclosed
tags in emails cause markup to be handled incorrectly leading to
scan timeouts. (Closes: 908969)
- CVE-2016-1238: Unsafe usage of "." in @INC in a configuration
script.
- CVE-2018-11780: potential Remote Code Execution bug with the
PDFInfo plugin. (Closes: 908970)
- CVE-2018-11781: local user code injection in the meta rule syntax.
(Closes: 908971)
- BayesStore: bayes_expire table grows, remove_running_expire_tok not
called (Closes: 883775)
- Fix use of uninitialized variable warning in PDFInfo.pm
(Closes: 865924)
- Fix "failed to parse plugin" error in
Mail::SpamAssassin::Plugin::URILocalBL (Closes: 891041)
- SSLv3 support removed from spamc
* Don't recursively chown /var/lib/spamassassin during postinst.
(Closes: 889501)
* Update SysV init script to cope with upstream's change to $0.
* Run test suite during build (Closes: #784023).
* Refresh patches
* Removed patches merged upstream:
- 30_edit_README
- 35_bug752542-libnet-dns-perl.patch
- 97_bug720499-pod-5.18
- bug_771408_perl_version
- bug_774768_disable_ahbl
* Added patch to silence extra debugging messages (Closes: #913571)
Checksums-Sha1:
3454a58e1b7fb91284a706949219bb01142e446d 2126 spamassassin_3.4.2-0+deb8u1.dsc
a7c72a47e9aa88276aeefc926a159c27dc4a74ab 234232 spamassassin_3.4.2.orig-pkgrules.tar.xz
f295571631e4163225ee3eab04d5c0cce3a69fbc 1873396 spamassassin_3.4.2.orig.tar.xz
3618a83860fb605b35983ca7b997871652134791 36876 spamassassin_3.4.2-0+deb8u1.debian.tar.xz
679a3814a3993d7902778d30389dba61216409b3 1176290 spamassassin_3.4.2-0+deb8u1_all.deb
af1ee6858931ad81f389002622e2f2976af6e5fe 46968 sa-compile_3.4.2-0+deb8u1_all.deb
f3c14a2296d26c70cdd8aba3f21e5ff162a82fed 81194 spamc_3.4.2-0+deb8u1_amd64.deb
Checksums-Sha256:
4d3fa6333bbcb6a62ebe83c8187c0489da0df5de433213cb7cc7ac16fb53fc65 2126 spamassassin_3.4.2-0+deb8u1.dsc
3f3349bb45ac63a7b85a7562a365a9805c4afce91aa11718f0dacfe034890066 234232 spamassassin_3.4.2.orig-pkgrules.tar.xz
aae73f835e1201713458fbe012f686eae395f7672c4729e62c91a92b3ced50df 1873396 spamassassin_3.4.2.orig.tar.xz
a44de59dce688c9e02a081797229404bb2ad296214365ce0d979ce9e25d2c363 36876 spamassassin_3.4.2-0+deb8u1.debian.tar.xz
89e3063d4733665835fcf82104e612231bb242cffbeb44d8ac778f743e56bb10 1176290 spamassassin_3.4.2-0+deb8u1_all.deb
8a2aa523c733d48657b81d6dba1fe62d59526c61d4a6d0c00f84d6570e673a66 46968 sa-compile_3.4.2-0+deb8u1_all.deb
0f06178a02f6b123c8675b1f6572520bd0ff6e3b84416e74b6f65725ae0d0505 81194 spamc_3.4.2-0+deb8u1_amd64.deb
Files:
a245f95524a82c86906e8582e3f6b176 2126 mail optional spamassassin_3.4.2-0+deb8u1.dsc
d1616326f1d3a442aff01347e615cabd 234232 mail optional spamassassin_3.4.2.orig-pkgrules.tar.xz
0f6d6733613ec670b13d37ce6f6244f8 1873396 mail optional spamassassin_3.4.2.orig.tar.xz
1065a02ec5c934835398f377c01a3216 36876 mail optional spamassassin_3.4.2-0+deb8u1.debian.tar.xz
9c47273d94caa3cbf8e8835562f7f089 1176290 mail optional spamassassin_3.4.2-0+deb8u1_all.deb
ca299ea1fba3396d1eae3061bf6dd52f 46968 mail optional sa-compile_3.4.2-0+deb8u1_all.deb
46d2e6e39cf11215eb07dd026a870174 81194 mail optional spamc_3.4.2-0+deb8u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEexZCBNCWcjsBljWrPqHd3bJh2XsFAlvrGtsACgkQPqHd3bJh
2Xto2Af/TXe0JQP+l1bhV9ooDC0gkTX7Mmt6OXkWXdjuAreBcJcFHf41wg1a0r8L
m6Ar3noRfgCgsfsxl2zX1pDFHPBWuIgm2ojvHkDGxwzXklmEf0u0kMJf37obAONj
HY0v9qdxDdgI67lsH8g1qsaqahfz77YK9uoDAvoKHLV+mzjZAkarBSLXSKgvbvnk
ArbParEvl0/L0mjSVrA258X0tSnSGKK/DKdrl327L7nDYEUsg9GEH/pgVcmMAZMt
j3dT+ez4+3A04YjaNlqPASzuJraKC4WeVoFZE8ai0GYFN6PuZNr3zd+2uo1PbesB
XTBMng9+wxE8W3bbEy/XgtmEDT0IWA==
=3PR9
-----END PGP SIGNATURE-----
Reply to: