Overview

File _patchinfo of Package patchinfo.12432

<patchinfo incident="12432">
  <issue tracker="cve" id="2020-1930"/>
  <issue tracker="cve" id="2020-1931"/>      
  <issue tracker="cve" id="2018-11805"/>
  <issue tracker="bnc" id="1162197">VUL-0: CVE-2020-1930: spamassassin: Nefarious rule configuration (.cf) files can be configured to run system commands</issue>
  <issue tracker="bnc" id="1162200">VUL-0: CVE-2020-1931: spamassassin: Nefarious rule configuration (.cf) files can be configured to run system commands with warnings</issue>      
  <issue tracker="bnc" id="1118987">VUL-1: EMBARGOED: CVE-2018-11805: spamassassin: CVE Level issue with Rule Files</issue>
  <packager>varkoly</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for spamassassin</summary>
  <description>This update for spamassassin fixes the following issues:

- CVE-2018-11805: Fixed an issue with delimiter handling in rule files 
  related to is_regexp_valid() (bsc#1118987).
- CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which 
  can be configured to run system commands (bsc#1162197).
- CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which 
  can be configured to run system commands with warnings (bsc#1162200).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places