Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
patchinfo.11888
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.11888
<patchinfo incident="11888"> <issue tracker="cve" id="2018-11780"/> <issue tracker="cve" id="2016-1238"/> <issue tracker="cve" id="2017-15705"/> <issue tracker="cve" id="2018-11781"/> <issue tracker="bnc" id="1108745">VUL-0: CVE-2017-15705 spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and resulting denial of service</issue> <issue tracker="bnc" id="1108750">VUL-0: CVE-2018-11780: spamassassin: Potential remote code execution vulnerability in PDFInfo plugin</issue> <issue tracker="bnc" id="1108748">VUL-0: CVE-2018-11781: spamassassin: Local user code injection in the meta rule syntax</issue> <packager>varkoly</packager> <rating>important</rating> <category>security</category> <summary>Security update for spamassassin</summary> <description>This update for spamassassin to version 3.4.2 fixes the following issues: Security issues fixed: - CVE-2017-15705: Fixed denial of service via unclosed tags in crafted emails (bsc#1108745). - CVE-2018-11781: Fixed a code injection in the meta rule syntax by local users (bsc#1108748). - CVE-2018-11780: Fixed a potential remote code execution vulnerability in PDFInfo plugin (bsc#1108750). Non-security issues fixed: - Added four new plugins (disabled by default): HashBL, ResourceLimits, FromNameSpoof, Phishing - sa-update script: optional support for SHA-256 / SHA-512 been added for better validation of rules - GeoIP2 support has been added to RelayCountry and URILocalBL plugins - Several new or enhanced configuration options </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor