File _patchinfo of Package patchinfo.12433

<patchinfo incident="12433">
  <issue tracker="cve" id="2020-1930"/>
  <issue tracker="cve" id="2020-1931"/>
  <issue tracker="cve" id="2018-11805"/>
  <issue tracker="bnc" id="1162197">VUL-0: CVE-2020-1930: spamassassin: Nefarious rule configuration (.cf) files can be configured to run system commands</issue>
  <issue tracker="bnc" id="1162200">VUL-0: CVE-2020-1931: spamassassin: Nefarious rule configuration (.cf) files can be configured to run system commands with warnings</issue>
  <issue tracker="bnc" id="1118987">VUL-1: EMBARGOED: CVE-2018-11805: spamassassin: CVE Level issue with Rule Files</issue>
  <issue tracker="bnc" id="862963">spamassassin 3.3.2 and Perl 5.18.0: Altering hash requires restarting loop else UNDEFINED behavior.</issue>
  <packager>varkoly</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for spamassassin</summary>
  <description>This update for spamassassin fixes the following issues:

Security issues fixed:

- CVE-2018-11805: Fixed an issue with delimiter handling in rule files
  related to is_regexp_valid() (bsc#1118987).
- CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which
  can be configured to run system commands (bsc#1162197).
- CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which
  can be configured to run system commands with warnings (bsc#1162200).

Non-security issue fixed:

- Altering hash requires restarting loop (bsc#862963).
</description>
</patchinfo>