| Errata ID | 626 |
|---|---|
| Date | 2019-12-18 |
| Source package | spamassassin |
| Fixed in version | 3.4.2-1~deb9u2 |
| Description | This update addresses the following issues: * Nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading we recommend that users should only use update channels or 3rd party .cf files from trusted places. (CVE-2018-11805) * A message can be crafted in a way to use excessive resources. (CVE-2019-12420) |
| Additional notes | |
| CVE ID | CVE-2018-11805 CVE-2019-12420 |
| UCS Bug number | #50651 |
