Format: 1.8
Date: Sun, 30 Sep 2018 23:44:58 -0700
Source: spamassassin
Binary: spamassassin spamc sa-compile
Architecture: i386
Version: 3.4.2-1
Distribution: cosmic-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy01-amd64-010.buildd>
Changed-By: Noah Meyerhans <noahm@debian.org>
Description:
 sa-compile - Tools for compiling SpamAssassin rules into C
 spamassassin - Perl-based spam filter using text analysis
 spamc      - Client for SpamAssassin spam filtering daemon
Closes: 858457 865924 883775 884163 889501 890650 891041 891833 908969 908970 908971
Changes:
 spamassassin (3.4.2-1) unstable; urgency=medium
 .
   * New upstream release fixes multiple security vulnerabilities
     - CVE-2017-15705: Denial of service issue in which certain unclosed
       tags in emails cause markup to be handled incorrectly leading to
       scan timeouts. (Closes: 908969)
     - CVE-2016-1238: Unsafe usage of "." in @INC in a configuration
       script.
     - CVE-2018-11780: potential Remote Code Execution bug with the
       PDFInfo plugin. (Closes: 908970)
     - CVE-2018-11781: local user code injection in the meta rule syntax.
       (Closes: 908971)
     - BayesStore: bayes_expire table grows, remove_running_expire_tok not
       called (Closes: 883775)
     - Fix use of uninitialized variable warning in PDFInfo.pm
       (Closes: 865924)
     - Fix "failed to parse plugin" error in
       Mail::SpamAssassin::Plugin::URILocalBL (Closes: 891041)
   * Don't recursively chown /var/lib/spamassassin during postinst.
     (Closes: 889501)
   * Reload spamd after compiling rules in sa-compile.postinst.
   * Preserve locally set ENABLED=1 setting from /etc/default/spamassassin
     when installing on systemd-based systems. (Closes: 884163, 858457)
   * Update SysV init script to cope with upstream's change to $0.
   * Remove compiled rules upon removal of the sa-compile package.
   * Ensure that /var/lib/spamassassin/compiled doesn't change modes with
     the cron job's execution. (Closes: 890650)
   * Update standards version to 4.2.1
   * Create /var/lib/spamassassin via dpkg, rather than the postinst.
     (Closes: 891833)
Checksums-Sha1:
 38c402781ea931f55845129a2e3ae3ca09710b9f 5385 spamassassin_3.4.2-1_i386.buildinfo
 9b6fa3c5bece6b2626616cbbac7305e03e70885c 45492 spamc-dbgsym_3.4.2-1_i386.ddeb
 b1e636ac394b37dba6d3531cfbd3ca39d693b491 54332 spamc_3.4.2-1_i386.deb
Checksums-Sha256:
 b9c6459b11a433af3c79a641f91f817f6a1575ab6ac5a933813b26653720eb32 5385 spamassassin_3.4.2-1_i386.buildinfo
 e5ba0de2fba26b2e46950c04b805d6b848d59220b6a496145897fe66e061c9f5 45492 spamc-dbgsym_3.4.2-1_i386.ddeb
 3be7062b157f41296086a7a6f5f1c13e658bb0a9fc64b648dc794de9a4c7264a 54332 spamc_3.4.2-1_i386.deb
Files:
 ab990292576ca35744ed52ff716f4e69 5385 mail optional spamassassin_3.4.2-1_i386.buildinfo
 fa997f503292ad86464149309e16182a 45492 debug optional spamc-dbgsym_3.4.2-1_i386.ddeb
 abf56cbbf409e9093e16b137c3b87a9b 54332 mail optional spamc_3.4.2-1_i386.deb