Commit b2beeb88 authored by Noah Meyerhans's avatar Noah Meyerhans

Note bug/CVE associations

parent 776475e6
......@@ -3,12 +3,13 @@ spamassassin (3.4.2-1) unstable; urgency=medium
* New upstream release fixes multiple security vulnerabilities
- CVE-2017-15705: Denial of service issue in which certain unclosed
tags in emails cause markup to be handled incorrectly leading to
scan timeouts.
scan timeouts. (Closes: 908969)
- CVE-2016-1238: Unsafe usage of "." in @INC in a configuration
- CVE-2018-11780: potential Remote Code Execution bug with the
PDFInfo plugin.
PDFInfo plugin. (Closes: 908970)
- CVE-2018-11781: local user code injection in the meta rule syntax.
(Closes: 908971)
* Don't recursively chown /var/lib/spamassassin during postinst.
(Closes: 889501)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment