On Wed, Sep 19, 2018 at 08:26:28PM +0200, Ola Lundqvist wrote: > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of spamassassin: > https://security-tracker.debian.org/tracker/CVE-2018-11780 > https://security-tracker.debian.org/tracker/CVE-2018-11781 > https://security-tracker.debian.org/tracker/CVE-2018-15705 > > Would you like to take care of this yourself? It's not yet clear how these will even be fixed in stretch, so it may be premature to think about wheezy. At the moment, upstream is advocating strongly for us to move to the newly released 3.4.2 upstream version in our stable branches. We're considering it, in part because upstream isn't providing a discrete set of patches to address the security issues. I will keep you informed (or worst case, you'll learn via debian-security-announce) as to the status of fixes for stable and LTS. noah
Attachment:
signature.asc
Description: PGP signature