Hi Noah, dear LTS contributors,I am about to look into CVE-2020-1930 and CVE-2020-1931 reported against spamassassin.
The issues have been fixed in 3.4.4~rc1 and as spamassassin has been upstream version bumped in Debian jessie LTS before, I am asking for your opinion, if you'd rather recommend cherry-picking the fixes (which I haven't been able to identify yet in upstream SVN) or simply upstream version bump spamassassin in jessie LTS once more.
@LTS team: sharing your feedback / opinions will be much appreciated, too. Thanks+Greets, Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: email@example.com, http://das-netzwerkteam.de
Description: Digitale PGP-Signatur