-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2615-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta April 02, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : spamassassin Version : 3.4.2-1~deb9u4 CVE ID : CVE-2020-1946 Debian Bug : 985962 Damian Lukowski discovered a flaw in spamassassin, a Perl-based spam filter using text analysis. Malicious rule configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios. For Debian 9 stretch, this problem has been fixed in version 3.4.2-1~deb9u4. We recommend that you upgrade your spamassassin packages. For the detailed security status of spamassassin please refer to its security tracker page at: https://security-tracker.debian.org/tracker/spamassassin Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmBmOW0ACgkQgj6WdgbD S5ZKnA//SRt7ksSSXKVY1RKWsUpjqnIDOQI7XNoPAtzciQsMrr3Zt85QjKJHA455 qGZFil/lWN6kqu2bwQX2kYxC9ez21uTD5wvsV+4wHNKQjPJwdvqKAV2pwM7g9J6E RvwSCEIvw//SneXt8Hx3knzZWpH1cSSaZ6R62VW/Qa8PaRN9h669Rdje8gWrEraf 1daxagLTeV/VVu07H7sLQ0+g2xM94+2wOc4G2JMGOaq3qbk+cbdwF6GNrOedeNxy iLNdXRnZQXzaSog3ySpqb2ejJ45eaMNCP+manGBaJEfIa08JbqUbqOF/HGcZ3NPt mLido2oKq4zFcAyLp1LPBiGuJSK+yXIGgiexGOcWAspIgXct1J5kUHWNOBhRs0DF 8xWhXtrSVQL1N6jXD59TC162unAezqTnxCbpI3rtdayZcc3PghK64MqWPU8r2lGs xBLjRqWab6NXkaQoQHivwqqNYygsr5WcU5r8thvN6WXBCtqwZhJQntEbwEVWYxva V+U9vOgHc0vw/eTjxwywCDtNpkTY3hg046SY84XE7MjICiM1wRI4ITUxP5VKlIt7 9XWUQLro8Id0WIQ6CDiNiOSduDI2vZ08uwLdcrz/GfHXVmP/bSFhp9x3cjHvZ5+r xZy6bCbFD7QWcR24FoGXHIxwoB60xK9iX/LSwM+6JUIZFY1SNMQ= =CyzC -----END PGP SIGNATURE-----
