Spamassassin needs updated to reflect security fixes
Bug #1856248 reported by
chris pollock
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| spamassassin (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Trusty |
Confirmed
|
Undecided
|
Ubuntu Security Team | ||
| Xenial |
Fix Released
|
Undecided
|
Ubuntu Security Team | ||
| Bionic |
Fix Released
|
Undecided
|
Ubuntu Security Team | ||
| Disco |
Fix Released
|
Undecided
|
Ubuntu Security Team | ||
| Eoan |
Fix Released
|
Undecided
|
Ubuntu Security Team | ||
Bug Description
lsb_release -rd
Description: Ubuntu 18.04.3 LTS
Release: 18.04
apt-cache policy spamassassin
spamassassin:
Installed: 3.4.2-0ubuntu0.
Candidate: 3.4.2-0ubuntu0.
The current version of Spamassassin is 3.4.2, the newest version, 3.4.3 fixes two security issues:
CVE-2019-12420 for Multipart Denial of Service Vulnerability
CVE-2018-11805 for nefarious CF files can be configured to
run system commands without any output or errors.
Request that Spamassassin be updated to the latest version 3.4.3 as soon as possible.
CVE References
Revision history for this message
| Christian Ehrhardt (paelzer) wrote | #1 |
| Changed in spamassassin (Ubuntu): | |
| status: | New → Confirmed |
| assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
| status: | Confirmed → Fix Released |
| assignee: | Ubuntu Security Team (ubuntu-security) → nobody |
| Changed in spamassassin (Ubuntu Trusty): | |
| assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
| Changed in spamassassin (Ubuntu Xenial): | |
| assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
| Changed in spamassassin (Ubuntu Bionic): | |
| assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
| Changed in spamassassin (Ubuntu Disco): | |
| assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
| Changed in spamassassin (Ubuntu Eoan): | |
| assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
Revision history for this message
| Christian Ehrhardt (paelzer) wrote | #2 |
Revision history for this message
| chris pollock (cpollock) wrote | #3 |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #4 |
| Changed in spamassassin (Ubuntu Bionic): | |
| status: | New → Confirmed |
| Changed in spamassassin (Ubuntu Disco): | |
| status: | New → Confirmed |
| Changed in spamassassin (Ubuntu Eoan): | |
| status: | New → Confirmed |
| Changed in spamassassin (Ubuntu Trusty): | |
| status: | New → Confirmed |
| Changed in spamassassin (Ubuntu Xenial): | |
| status: | New → Confirmed |
Revision history for this message
| chris pollock (cpollock) wrote | #9 |
| Changed in spamassassin (Ubuntu Eoan): | |
| status: | Confirmed → Fix Released |
| Changed in spamassassin (Ubuntu Disco): | |
| status: | Confirmed → Fix Released |
| Changed in spamassassin (Ubuntu Bionic): | |
| status: | Confirmed → Fix Released |
| Changed in spamassassin (Ubuntu Xenial): | |
| status: | Confirmed → Fix Released |
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #10 |
Revision history for this message
| chris pollock (cpollock) wrote | #11 |
To post a comment you must log in.
Hi Chris,
thanks for your report.
I checked the security Teams overview of those at
- https:/
- https:/
It seems they are still evaluating the options hence the status "needs Triage".
I'll assign this bug to ubuntu-security so that they can update this bug along whatever they decide on the CVE triaging.