-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : sa-exim Version : 4.2.1-14+deb8u1 CVE ID : CVE-2019-19920 Debian Bug : 946829
It was found that sa-exim, the SpamAssassin filter for Exim, allows attackers to execute arbitrary code if users are allowed to run custom rules. A similar issue was fixed in spamassassin, CVE-2018-11805, which caused a functional regression in sa-exim. This update restores the compatibility between spamassassin and sa-exim. The security implications of sa-exim's greylisting function are also documented in /usr/share/doc/sa-exim/README.greylisting.gz. For Debian 8 "Jessie", this problem has been fixed in version 4.2.1-14+deb8u1. We recommend that you upgrade your sa-exim packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4XXD1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeReAw/+P0z8irAJLGhC8y/Gy2KcljkAerbSSn6PFqc1bMMsBDjOMiOXVM/nI1/g fITTDCnwGto0EbG6HDBdQvqUCyNSWOL91BTPK5Z+wV08EN1kBhrZqddur0nhdT3R GisJ+ogjRYO7uQooYc+sIIZLoimBDJImAgNo5x9q3huSPD/P5y7Kh5jM/n6qqAOv F/nuX4Lrkl4//d9e8BTNmiGcefYe7/taKM5H8ohQq01oa8Geq8I2qf6qFMaloUaf 4oGsaxK+MZxvLpZ4nkaCdCHWQAYklKzwvjFe54kF3j3lwdfJxfqK+PGUsBUs9WbY LkhgH7PwZm938+9OceEy4i2K+DBM6T2pAJ+Lf9QxwXDo7jyQ7Odekprrf5rwRo5G 78+pfGvZl9CXx7fWK0AXuJhUAd9CMOrPkppgi6xK1+MujXrPNuDAst/yyXUu6lqD VAQ6mXstjLUMxf1H/5zKfn77m1cTAtDK6yKPVoBjBS1cdG8pbjV/tSyDrddW8GsQ TynitqqwU5uvtrSc7Zr9lo1mtfGrXrS6h8F+yJaN5xPTQCoh77HdaOMDdk1vqF5z gZ5I0OJuD7aLcLtKxXTPooQrxIbKH5oKjKM12NYDJIhOjZ1Z70xYA9HvJ3wRVp6/ bEzS8rDKKVQgHNjPsIUNWvlUas3no0KFz+C8JbbKA0JZUMgATvQ= =GqVf -----END PGP SIGNATURE-----
