-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 30 Oct 2018 13:28:29 -0400 Source: spamassassin Binary: spamassassin spamc sa-compile Architecture: source all amd64 Version: 3.4.2-0+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Noah Meyerhans <no...@debian.org> Changed-By: Antoine Beaupré <anar...@debian.org> Description: sa-compile - Tools for compiling SpamAssassin rules into C spamassassin - Perl-based spam filter using text analysis spamc - Client for SpamAssassin spam filtering daemon Closes: 784023 865924 883775 889501 891041 908969 908970 908971 913571 Changes: spamassassin (3.4.2-0+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * New upstream version to fix several security issues and critical bugs: - CVE-2017-15705: Denial of service issue in which certain unclosed tags in emails cause markup to be handled incorrectly leading to scan timeouts. (Closes: 908969) - CVE-2016-1238: Unsafe usage of "." in @INC in a configuration script. - CVE-2018-11780: potential Remote Code Execution bug with the PDFInfo plugin. (Closes: 908970) - CVE-2018-11781: local user code injection in the meta rule syntax. (Closes: 908971) - BayesStore: bayes_expire table grows, remove_running_expire_tok not called (Closes: 883775) - Fix use of uninitialized variable warning in PDFInfo.pm (Closes: 865924) - Fix "failed to parse plugin" error in Mail::SpamAssassin::Plugin::URILocalBL (Closes: 891041) - SSLv3 support removed from spamc * Don't recursively chown /var/lib/spamassassin during postinst. (Closes: 889501) * Update SysV init script to cope with upstream's change to $0. * Run test suite during build (Closes: #784023). * Refresh patches * Removed patches merged upstream: - 30_edit_README - 35_bug752542-libnet-dns-perl.patch - 97_bug720499-pod-5.18 - bug_771408_perl_version - bug_774768_disable_ahbl * Added patch to silence extra debugging messages (Closes: #913571) Checksums-Sha1: 3454a58e1b7fb91284a706949219bb01142e446d 2126 spamassassin_3.4.2-0+deb8u1.dsc a7c72a47e9aa88276aeefc926a159c27dc4a74ab 234232 spamassassin_3.4.2.orig-pkgrules.tar.xz f295571631e4163225ee3eab04d5c0cce3a69fbc 1873396 spamassassin_3.4.2.orig.tar.xz 3618a83860fb605b35983ca7b997871652134791 36876 spamassassin_3.4.2-0+deb8u1.debian.tar.xz 679a3814a3993d7902778d30389dba61216409b3 1176290 spamassassin_3.4.2-0+deb8u1_all.deb af1ee6858931ad81f389002622e2f2976af6e5fe 46968 sa-compile_3.4.2-0+deb8u1_all.deb f3c14a2296d26c70cdd8aba3f21e5ff162a82fed 81194 spamc_3.4.2-0+deb8u1_amd64.deb Checksums-Sha256: 4d3fa6333bbcb6a62ebe83c8187c0489da0df5de433213cb7cc7ac16fb53fc65 2126 spamassassin_3.4.2-0+deb8u1.dsc 3f3349bb45ac63a7b85a7562a365a9805c4afce91aa11718f0dacfe034890066 234232 spamassassin_3.4.2.orig-pkgrules.tar.xz aae73f835e1201713458fbe012f686eae395f7672c4729e62c91a92b3ced50df 1873396 spamassassin_3.4.2.orig.tar.xz a44de59dce688c9e02a081797229404bb2ad296214365ce0d979ce9e25d2c363 36876 spamassassin_3.4.2-0+deb8u1.debian.tar.xz 89e3063d4733665835fcf82104e612231bb242cffbeb44d8ac778f743e56bb10 1176290 spamassassin_3.4.2-0+deb8u1_all.deb 8a2aa523c733d48657b81d6dba1fe62d59526c61d4a6d0c00f84d6570e673a66 46968 sa-compile_3.4.2-0+deb8u1_all.deb 0f06178a02f6b123c8675b1f6572520bd0ff6e3b84416e74b6f65725ae0d0505 81194 spamc_3.4.2-0+deb8u1_amd64.deb Files: a245f95524a82c86906e8582e3f6b176 2126 mail optional spamassassin_3.4.2-0+deb8u1.dsc d1616326f1d3a442aff01347e615cabd 234232 mail optional spamassassin_3.4.2.orig-pkgrules.tar.xz 0f6d6733613ec670b13d37ce6f6244f8 1873396 mail optional spamassassin_3.4.2.orig.tar.xz 1065a02ec5c934835398f377c01a3216 36876 mail optional spamassassin_3.4.2-0+deb8u1.debian.tar.xz 9c47273d94caa3cbf8e8835562f7f089 1176290 mail optional spamassassin_3.4.2-0+deb8u1_all.deb ca299ea1fba3396d1eae3061bf6dd52f 46968 mail optional sa-compile_3.4.2-0+deb8u1_all.deb 46d2e6e39cf11215eb07dd026a870174 81194 mail optional spamc_3.4.2-0+deb8u1_amd64.deb
-----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEexZCBNCWcjsBljWrPqHd3bJh2XsFAlvrGtsACgkQPqHd3bJh 2Xto2Af/TXe0JQP+l1bhV9ooDC0gkTX7Mmt6OXkWXdjuAreBcJcFHf41wg1a0r8L m6Ar3noRfgCgsfsxl2zX1pDFHPBWuIgm2ojvHkDGxwzXklmEf0u0kMJf37obAONj HY0v9qdxDdgI67lsH8g1qsaqahfz77YK9uoDAvoKHLV+mzjZAkarBSLXSKgvbvnk ArbParEvl0/L0mjSVrA258X0tSnSGKK/DKdrl327L7nDYEUsg9GEH/pgVcmMAZMt j3dT+ez4+3A04YjaNlqPASzuJraKC4WeVoFZE8ai0GYFN6PuZNr3zd+2uo1PbesB XTBMng9+wxE8W3bbEy/XgtmEDT0IWA== =3PR9 -----END PGP SIGNATURE-----