File _patchinfo of Package patchinfo.9980
<patchinfo incident="9980"> <issue tracker="bnc" id="1107765">spamassassin: incompatibility with Net::DNS >= 1.01</issue> <issue tracker="bnc" id="1115411">spamassassin: migrate from cron to systemd timers</issue> <issue tracker="bnc" id="1069831">Running sa-update from spamassassin gives warning about deprecated regex</issue> <issue tracker="bnc" id="1108748">VUL-0: CVE-2018-11781: spamassassin: Local user code injection in the meta rule syntax</issue> <issue tracker="bnc" id="1108750">VUL-0: CVE-2018-11780: spamassassin: Potential remote code execution vulnerability in PDFInfo plugin</issue> <issue tracker="bnc" id="1108745">VUL-0: CVE-2017-15705 spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and resulting denial of service</issue> <issue tracker="bnc" id="1108749">VUL-0: CVE-2016-1238: spamassassin: loading modules from current directory</issue> <issue tracker="cve" id="2016-1238"/> <issue tracker="cve" id="2017-15705"/> <issue tracker="cve" id="2018-11781"/> <issue tracker="cve" id="2018-11780"/> <category>security</category> <rating>moderate</rating> <packager>varkoly</packager> <description>This update for spamassassin to version 3.4.2 fixes the following issues: Security issues fixed: - CVE-2018-11781: Fixed an issue where a local user could inject code in the meta rule syntax (bsc#1108748). - CVE-2018-11780: Fixed a potential remote code execution vulnerability in the PDFInfo plugin (bsc#1108750). - CVE-2017-15705: Fixed a denial of service through unclosed tags in crafted emails (bsc#1108745). - CVE-2016-1238: Fixed an issue where perl would load modules from the current directory (bsc#1108749). Non-security issues fixed: - Use systemd timers instead of cron (bsc#1115411) - Fixed incompatibility with Net::DNS >= 1.01 (bsc#1107765) - Fixed warning about deprecated regex during sa-update (bsc#1069831) </description> <summary>Security update for spamassassin</summary> </patchinfo>
