File _patchinfo of Package patchinfo.11888
<patchinfo incident="11888">
<issue tracker="cve" id="2018-11780"/>
<issue tracker="cve" id="2016-1238"/>
<issue tracker="cve" id="2017-15705"/>
<issue tracker="cve" id="2018-11781"/>
<issue tracker="bnc" id="1108745">VUL-0: CVE-2017-15705 spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and resulting denial of service</issue>
<issue tracker="bnc" id="1108750">VUL-0: CVE-2018-11780: spamassassin: Potential remote code execution vulnerability in PDFInfo plugin</issue>
<issue tracker="bnc" id="1108748">VUL-0: CVE-2018-11781: spamassassin: Local user code injection in the meta rule syntax</issue>
<packager>varkoly</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for spamassassin</summary>
<description>This update for spamassassin to version 3.4.2 fixes the following issues:
Security issues fixed:
- CVE-2017-15705: Fixed denial of service via unclosed tags in crafted emails (bsc#1108745).
- CVE-2018-11781: Fixed a code injection in the meta rule syntax by local users (bsc#1108748).
- CVE-2018-11780: Fixed a potential remote code execution vulnerability in PDFInfo plugin (bsc#1108750).
Non-security issues fixed:
- Added four new plugins (disabled by default): HashBL, ResourceLimits, FromNameSpoof, Phishing
- sa-update script: optional support for SHA-256 / SHA-512 has been added for better validation of rules
- GeoIP2 support has been added to RelayCountry and URILocalBL plugins
- Several new or enhanced configuration options
</description>
</patchinfo>