spamassassin security update in Debian jessie LTS

To: noahm@debian.org
Cc: debian-lts@lists.debian.org
Subject: spamassassin security update in Debian jessie LTS
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Fri, 31 Jan 2020 14:31:51 +0000
Message-id: <[🔎] 20200131143151.Horde.6A5QXoCFCFQKLH0XEP9--G5@mail.das-netzwerkteam.de>

Hi Noah, dear LTS contributors,

I am about to look into CVE-2020-1930 and CVE-2020-1931 reportedagainst spamassassin.

The issues have been fixed in 3.4.4~rc1 and as spamassassin has beenupstream version bumped in Debian jessie LTS before, I am asking foryour opinion, if you'd rather recommend cherry-picking the fixes(which I haven't been able to identify yet in upstream SVN) or simplyupstream version bump spamassassin in jessie LTS once more.


@LTS team: sharing your feedback / opinions will be much appreciated, too.

Thanks+Greets,
Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

Attachment: pgpT5r07dNnIO.pgp
Description: Digitale PGP-Signatur

Reply to:

Follow-Ups:
- Re: spamassassin security update in Debian jessie LTS
  - From: Matus UHLAR - fantomas <uhlar@fantomas.sk>

Prev by Date: Re: [CVE-2019-17026] Firefox Security Advisory 2020-03
Next by Date: Re: spamassassin security update in Debian jessie LTS
Previous by thread: Re: on updating debian-security-support in stable and oldstable (due to DSA-4562-1)
Next by thread: Re: spamassassin security update in Debian jessie LTS
Index(es):
- Date
- Thread