Spamassassin needs updated to reflect security fixes
Bug #1856248 reported by
chris pollock
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
spamassassin (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Trusty |
Confirmed
|
Undecided
|
Ubuntu Security Team | ||
Xenial |
Fix Released
|
Undecided
|
Ubuntu Security Team | ||
Bionic |
Fix Released
|
Undecided
|
Ubuntu Security Team | ||
Disco |
Fix Released
|
Undecided
|
Ubuntu Security Team | ||
Eoan |
Fix Released
|
Undecided
|
Ubuntu Security Team |
Bug Description
lsb_release -rd
Description: Ubuntu 18.04.3 LTS
Release: 18.04
apt-cache policy spamassassin
spamassassin:
Installed: 3.4.2-0ubuntu0.
Candidate: 3.4.2-0ubuntu0.
The current version of Spamassassin is 3.4.2, the newest version, 3.4.3 fixes two security issues:
CVE-2019-12420 for Multipart Denial of Service Vulnerability
CVE-2018-11805 for nefarious CF files can be configured to
run system commands without any output or errors.
Request that Spamassassin be updated to the latest version 3.4.3 as soon as possible.
CVE References
Changed in spamassassin (Ubuntu Eoan): | |
status: | Confirmed → Fix Released |
Changed in spamassassin (Ubuntu Disco): | |
status: | Confirmed → Fix Released |
Changed in spamassassin (Ubuntu Bionic): | |
status: | Confirmed → Fix Released |
Changed in spamassassin (Ubuntu Xenial): | |
status: | Confirmed → Fix Released |
To post a comment you must log in.
Hi Chris, /people. canonical. com/~ubuntu- security/ cve/2018/ CVE-2018- 11805.html /people. canonical. com/~ubuntu- security/ cve/2019/ CVE-2019- 12420.html
thanks for your report.
I checked the security Teams overview of those at
- https:/
- https:/
It seems they are still evaluating the options hence the status "needs Triage".
I'll assign this bug to ubuntu-security so that they can update this bug along whatever they decide on the CVE triaging.