Hello community, here is the log from the commit of package patchinfo.12209 for openSUSE:Leap:15.1:Update checked in at 2020-04-04 16:19:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/patchinfo.12209 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.patchinfo.12209.new.3248 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.12209" Sat Apr 4 16:19:31 2020 rev:1 rq:789759 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="12209"> <issue tracker="cve" id="2020-1930"/> <issue tracker="cve" id="2020-1931"/> <issue tracker="cve" id="2018-11805"/> <issue tracker="bnc" id="1162197">VUL-0: CVE-2020-1930: spamassassin: Nefarious rule configuration (.cf) files can be configured to run system commands</issue> <issue tracker="bnc" id="1162200">VUL-0: CVE-2020-1931: spamassassin: Nefarious rule configuration (.cf) files can be configured to run system commands with warnings</issue> <issue tracker="bnc" id="1118987">VUL-1: EMBARGOED: CVE-2018-11805: spamassassin: CVE Level issue with Rule Files</issue> <issue tracker="bnc" id="862963">spamassassin 3.3.2 and Perl 5.18.0: Altering hash requires restarting loop else UNDEFINED behavior.</issue> <packager>varkoly</packager> <rating>important</rating> <category>security</category> <summary>Security update for spamassassin</summary> <description>This update for spamassassin fixes the following issues: Security issues fixed: - CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to is_regexp_valid() (bsc#1118987). - CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands (bsc#1162197). - CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands with warnings (bsc#1162200). Non-security issue fixed: - Altering hash requires restarting loop (bsc#862963). This update was imported from the SUSE:SLE-15-SP1:Update update project.</description> </patchinfo>
