Die Maintainer von Spamassassin haben ein Sicherheitsupdate für Debian veröffentlicht, dass 2 Sicherheitslücken schließt.
Debian Spamassassin Update Release Notes
CVE ID : CVE-2018-11805 CVE-2019-12420
Debian Bug : 946652 946653
Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis.
CVE-2018-11805
Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple
scenarios.
CVE-2019-12420
Specially crafted mulitpart messages can cause spamassassin to use excessive resources, resulting in a denial of service.
For the oldstable distribution (stretch), these problems have been fixed in version 3.4.2-1~deb9u2.
For the stable distribution (buster), these problems have been fixed in version 3.4.2-1+deb10u1.
We recommend that you upgrade your spamassassin packages.
For the detailed security status of spamassassin please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/spamassassin