UbuntuUpdates.org

Package "sa-compile"

Name: sa-compile

Description:

Tools for compiling SpamAssassin rules into C

Latest version: 3.4.4-1ubuntu1.1
Release: focal (20.04)
Level: security
Repository: main
Head package: spamassassin
Homepage: https://www.spamassassin.org/

Links


Download "sa-compile"


Other versions of "sa-compile" in Focal

Repository Area Version
base main 3.4.4-1ubuntu1
updates main 3.4.4-1ubuntu1.2

Changelog

Version: 3.4.4-1ubuntu1.1 2021-04-01 14:06:57 UTC

  spamassassin (3.4.4-1ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: OS Command Injection in cf file parsing
    - debian/patches/CVE-2020-1946.patch: fix header rule parsing in
      lib/Mail/SpamAssassin/Conf/Parser.pm.
    - CVE-2020-1946

 -- Marc Deslauriers <email address hidden> Mon, 29 Mar 2021 12:54:59 -0400

CVE-2020-1946 In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors.



About   -   Send Feedback to @ubuntu_updates