Package "sa-compile"
| Name: |
sa-compile
|
Description: |
Tools for compiling SpamAssassin rules into C
|
| Latest version: |
3.4.2-0ubuntu0.18.04.5 |
| Release: |
bionic (18.04) |
| Level: |
security |
| Repository: |
main |
| Head package: |
spamassassin |
| Homepage: |
http://www.spamassassin.org/ |
Links
Download "sa-compile"
Other versions of "sa-compile" in Bionic
Changelog
|
spamassassin (3.4.2-0ubuntu0.18.04.5) bionic-security; urgency=medium
* SECURITY UPDATE: OS Command Injection in cf file parsing
- debian/patches/CVE-2020-1946.patch: fix header rule parsing in
lib/Mail/SpamAssassin/Conf/Parser.pm.
- CVE-2020-1946
-- Marc Deslauriers <email address hidden> Mon, 29 Mar 2021 12:56:53 -0400
|
| Source diff to previous version |
| CVE-2020-1946 |
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. |
|
|
spamassassin (3.4.2-0ubuntu0.18.04.3) bionic-security; urgency=medium
* SECURITY UPDATE: code execution via nefarious CF files
- debian/patches/CVE-2020-1930.patch: improve logic in
lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm.
- debian/patches/CVE-2020-1931.patch: improve logic in
lib/Mail/SpamAssassin/Conf.pm, lib/Mail/SpamAssassin/Constants.pm.
- CVE-2020-1930
- CVE-2020-1931
* Thanks to Debian for the patches.
-- Marc Deslauriers <email address hidden> Tue, 04 Feb 2020 07:52:51 -0500
|
| Source diff to previous version |
| CVE-2020-1930 |
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configur |
| CVE-2020-1931 |
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to |
|
|
spamassassin (3.4.2-0ubuntu0.18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: code execution via nefarious CF files
- debian/patches/CVE-2018-11805: improve rule parsing.
- CVE-2018-11805
* SECURITY UPDATE: resource consumption issue
- debian/patches/CVE-2019-12420: limit checked mime parts.
- CVE-2019-12420
* debian/patches/broken_regex_test.patch: disable some broken tests
causing a FTBFS with certain perl versions.
* Thanks to Debian for the patches.
-- Marc Deslauriers <email address hidden> Fri, 10 Jan 2020 11:52:53 -0500
|
| Source diff to previous version |
| CVE-2018-11805 |
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits ca |
| CVE-2019-12420 |
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the r |
|
|
spamassassin (3.4.2-0ubuntu0.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: Update to 3.4.2 to fix multiple security issues and
support new rule update signatures (LP: #1796863)
- debian/patches/*patch: sync patches from 3.4.2-1 package.
- add pkgrules orig tarball from 3.4.2-1 package.
- debian/spamassassin.{init,preinst}: properly handle process name
change in spamassassin 3.4.2.
- CVE-2017-15705
- CVE-2018-11780
- CVE-2018-11781
-- Marc Deslauriers <email address hidden> Thu, 25 Oct 2018 07:57:41 -0400
|
| 1796863 |
Upgrade to version 3.4.2 for Bionic |
| CVE-2017-15705 |
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags |
| CVE-2018-11780 |
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. |
| CVE-2018-11781 |
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. |
|
About
-
Send Feedback to @ubuntu_updates
