Hi Chris,
thanks for your report.

I checked the security team's overview of those at
- https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11805.html
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12420.html

It seems they are still evaluating the options, hence the status "needs Triage".
I'll assign this bug to ubuntu-security so that they can update this bug along with whatever they decide on the CVE triaging.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11805

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12420

** Changed in: spamassassin (Ubuntu)
       Status: New => Confirmed

** Also affects: spamassassin (Ubuntu Eoan)
   Importance: Undecided
       Status: New

** Also affects: spamassassin (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: spamassassin (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: spamassassin (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: spamassassin (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Changed in: spamassassin (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: spamassassin (Ubuntu Trusty)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

** Changed in: spamassassin (Ubuntu Xenial)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

** Changed in: spamassassin (Ubuntu Bionic)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

** Changed in: spamassassin (Ubuntu Disco)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

** Changed in: spamassassin (Ubuntu Eoan)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

https://bugs.launchpad.net/bugs/1856248

Title:
  Spamassassin needs updated to reflect security fixes

Status in spamassassin package in Ubuntu:
  Fix Released
Status in spamassassin source package in Trusty:
  New
Status in spamassassin source package in Xenial:
  New
Status in spamassassin source package in Bionic:
  New
Status in spamassassin source package in Disco:
  New
Status in spamassassin source package in Eoan:
  New

Bug description:
  lsb_release -rd
  Description: Ubuntu 18.04.3 LTS
  Release: 18.04

  apt-cache policy spamassassin
  spamassassin:
    Installed: 3.4.2-0ubuntu0.18.04.1
    Candidate: 3.4.2-0ubuntu0.18.04.1

  The current version of Spamassassin is 3.4.2, the newest version,
  3.4.3 fixes two security issues:

  CVE-2019-12420 for Multipart Denial of Service Vulnerability

  CVE-2018-11805 for nefarious CF files can be configured to run system
  commands without any output or errors.

  Request that Spamassassin be updated to the latest version 3.4.3 as
  soon as possible.

