Date: Thu, 30 Jan 2020 13:51:14 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r524641 - head/security/vuxml Message-ID: <202001301351.00UDpEIt084061@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cy Date: Thu Jan 30 13:51:13 2020 New Revision: 524641 URL: https://svnweb.freebsd.org/changeset/ports/524641 Log: Document: [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings Security: CVE-2020-1931 Security: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/\ build/announcements/3.4.4.txt Security: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1931 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Jan 30 13:05:26 2020 (r524640) +++ head/security/vuxml/vuln.xml Thu Jan 30 13:51:13 2020 (r524641) @@ -58,6 +58,36 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e3404a6e-4364-11ea-b643-206a8a720317"> + <topic>spamassassin -- Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings</topic> + <affects> + <package> + <name>spamassassin</name> + <range><lt>3.4.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>the Apache Spamassassin project reports:</p> + <blockquote cite="https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt"> + <p>nefarious rule configuration (.cf) files can be configured to + run system commands similar to CVE-2018-11805. This issue + is less stealthy and attempts to exploit the issue will throw + warnings.</p> + </blockquote> + </body> + </description> + <references> + <url>https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt</url> + <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1931</url> + <cvename>CVE-2020-1931</cvename> + </references> + <dates> + <discovery>2020-01-30</discovery> + <entry>2020-01-30</entry> + </dates> + </vuln> + <vuln vid="08f5c27d-4326-11ea-af8b-00155d0a0200"> <topic>OpenSMTPd -- critical LPE / RCE vulnerability</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202001301351.00UDpEIt084061>