UbuntuUpdates.org

Package "spamassassin"

Name: spamassassin

Description:

Perl-based spam filter using text analysis

Latest version: 3.4.2-0ubuntu0.16.04.5
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: http://www.spamassassin.org/

Links


Download "spamassassin"


Other versions of "spamassassin" in Xenial

Repository Area Version
base main 3.4.1-3
security main 3.4.2-0ubuntu0.16.04.5

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.4.2-0ubuntu0.16.04.5 2021-04-01 15:06:14 UTC

  spamassassin (3.4.2-0ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: OS Command Injection in cf file parsing
    - debian/patches/CVE-2020-1946.patch: fix header rule parsing in
      lib/Mail/SpamAssassin/Conf/Parser.pm.
    - CVE-2020-1946

 -- Marc Deslauriers <email address hidden> Mon, 29 Mar 2021 12:57:38 -0400

Source diff to previous version
CVE-2020-1946 In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors.

Version: 3.4.2-0ubuntu0.16.04.4 2020-03-02 13:06:39 UTC

  spamassassin (3.4.2-0ubuntu0.16.04.4) xenial; urgency=medium

  * d/p/lp-1862154-*: avoid 'domain is utf8 flagged' flooding the logs
    (LP: #1862154)

 -- Christian Ehrhardt <email address hidden> Mon, 10 Feb 2020 16:17:02 +0100

Source diff to previous version
1862154 Syslog spammed with \

Version: 3.4.2-0ubuntu0.16.04.3 2020-02-04 17:06:44 UTC

  spamassassin (3.4.2-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via nefarious CF files
    - debian/patches/CVE-2020-1930.patch: improve logic in
      lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm.
    - debian/patches/CVE-2020-1931.patch: improve logic in
      lib/Mail/SpamAssassin/Conf.pm, lib/Mail/SpamAssassin/Constants.pm.
    - CVE-2020-1930
    - CVE-2020-1931
  * Thanks to Debian for the patches.

 -- Marc Deslauriers <email address hidden> Tue, 04 Feb 2020 08:15:18 -0500

Source diff to previous version
CVE-2020-1930 A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configur
CVE-2020-1931 A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to

Version: 3.4.2-0ubuntu0.16.04.2 2020-01-13 19:06:46 UTC

  spamassassin (3.4.2-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via nefarious CF files
    - debian/patches/CVE-2018-11805: improve rule parsing.
    - CVE-2018-11805
  * SECURITY UPDATE: resource consumption issue
    - debian/patches/CVE-2019-12420: limit checked mime parts.
    - CVE-2019-12420
  * Thanks to Debian for the patches.

 -- Marc Deslauriers <email address hidden> Fri, 10 Jan 2020 11:53:34 -0500

Source diff to previous version
CVE-2018-11805 In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits ca
CVE-2019-12420 In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the r

Version: 3.4.2-0ubuntu0.16.04.1 2018-11-06 19:06:51 UTC

  spamassassin (3.4.2-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Update to 3.4.2 to fix multiple security issues and
    support new rule update signatures (LP: #1796863)
    - debian/patches/*patch: sync patches from 3.4.2-1 package.
    - add pkgrules orig tarball from 3.4.2-1 package.
    - debian/spamassassin.{init,preinst}: properly handle process name
      change in spamassassin 3.4.2.
    - CVE-2017-15705
    - CVE-2018-11780
    - CVE-2018-11781

 -- Marc Deslauriers <email address hidden> Thu, 25 Oct 2018 12:37:49 -0400

1796863 Upgrade to version 3.4.2 for Bionic
CVE-2017-15705 A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags
CVE-2018-11780 A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
CVE-2018-11781 Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.



About   -   Send Feedback to @ubuntu_updates