UbuntuUpdates.org

Package "spamassassin"

Name: spamassassin

Description:

Perl-based spam filter using text analysis
Latest version: 3.4.2-0ubuntu0.16.04.5
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: http://www.spamassassin.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "spamassassin"

All arch deb package
APT INSTALL

Other versions of "spamassassin" in Xenial

Repository Area Version
base main 3.4.1-3
security main 3.4.2-0ubuntu0.16.04.5

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.4.2-0ubuntu0.16.04.5 2021-04-01 15:06:14 UTC

  spamassassin (3.4.2-0ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: OS Command Injection in cf file parsing
    - debian/patches/CVE-2020-1946.patch: fix header rule parsing in
      lib/Mail/SpamAssassin/Conf/Parser.pm.
    - CVE-2020-1946

 -- Marc Deslauriers <email address hidden> Mon, 29 Mar 2021 12:57:38 -0400
Source diff to previous version
CVE-2020-1946 In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors.

Version: 3.4.2-0ubuntu0.16.04.4 2020-03-02 13:06:39 UTC

  spamassassin (3.4.2-0ubuntu0.16.04.4) xenial; urgency=medium

  * d/p/lp-1862154-*: avoid 'domain is utf8 flagged' flooding the logs
    (LP: #1862154)

 -- Christian Ehrhardt <email address hidden> Mon, 10 Feb 2020 16:17:02 +0100
Source diff to previous version
1862154 Syslog spammed with \

Version: 3.4.2-0ubuntu0.16.04.3 2020-02-04 17:06:44 UTC

  spamassassin (3.4.2-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via nefarious CF files
    - debian/patches/CVE-2020-1930.patch: improve logic in
      lib/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm.
    - debian/patches/CVE-2020-1931.patch: improve logic in
      lib/Mail/SpamAssassin/Conf.pm, lib/Mail/SpamAssassin/Constants.pm.
    - CVE-2020-1930
    - CVE-2020-1931
  * Thanks to Debian for the patches.

 -- Marc Deslauriers <email address hidden> Tue, 04 Feb 2020 08:15:18 -0500
Source diff to previous version
CVE-2020-1930 A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configur
CVE-2020-1931 A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to

Version: 3.4.2-0ubuntu0.16.04.2 2020-01-13 19:06:46 UTC

  spamassassin (3.4.2-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via nefarious CF files
    - debian/patches/CVE-2018-11805: improve rule parsing.
    - CVE-2018-11805
  * SECURITY UPDATE: resource consumption issue
    - debian/patches/CVE-2019-12420: limit checked mime parts.
    - CVE-2019-12420
  * Thanks to Debian for the patches.

 -- Marc Deslauriers <email address hidden> Fri, 10 Jan 2020 11:53:34 -0500
Source diff to previous version
CVE-2018-11805 In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits ca
CVE-2019-12420 In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the r

Version: 3.4.2-0ubuntu0.16.04.1 2018-11-06 19:06:51 UTC

  spamassassin (3.4.2-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Update to 3.4.2 to fix multiple security issues and
    support new rule update signatures (LP: #1796863)
    - debian/patches/*patch: sync patches from 3.4.2-1 package.
    - add pkgrules orig tarball from 3.4.2-1 package.
    - debian/spamassassin.{init,preinst}: properly handle process name
      change in spamassassin 3.4.2.
    - CVE-2017-15705
    - CVE-2018-11780
    - CVE-2018-11781

 -- Marc Deslauriers <email address hidden> Thu, 25 Oct 2018 12:37:49 -0400
1796863 Upgrade to version 3.4.2 for Bionic
CVE-2017-15705 A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags
CVE-2018-11780 A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
CVE-2018-11781 Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.


About   -   Send Feedback to @ubuntu_updates