From owner-freebsd-ports-bugs@freebsd.org  Wed Mar 24 20:03:08 2021
Return-Path: <owner-freebsd-ports-bugs@freebsd.org>
Delivered-To: freebsd-ports-bugs@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2DA495BE680
 for <freebsd-ports-bugs@mailman.nyi.freebsd.org>;
 Wed, 24 Mar 2021 20:03:08 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::50:13])
 by mx1.freebsd.org (Postfix) with ESMTP id 4F5K0q0YfMz4vL8
 for <freebsd-ports-bugs@freebsd.org>; Wed, 24 Mar 2021 20:03:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: by mailman.nyi.freebsd.org (Postfix)
 id CA3AA5BE67F; Wed, 24 Mar 2021 20:03:06 +0000 (UTC)
Delivered-To: ports-bugs@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id C99A85BE2C1
 for <ports-bugs@mailman.nyi.freebsd.org>; Wed, 24 Mar 2021 20:03:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4F5K0p4BMxz4vQW
 for <ports-bugs@FreeBSD.org>; Wed, 24 Mar 2021 20:03:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2610:1c1:1:606c::50:1d])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5B9991A070
 for <ports-bugs@FreeBSD.org>; Wed, 24 Mar 2021 20:03:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 12OK360O061248
 for <ports-bugs@FreeBSD.org>; Wed, 24 Mar 2021 20:03:06 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
Received: (from bugzilla@localhost)
 by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 12OK36Lk061247
 for ports-bugs@FreeBSD.org; Wed, 24 Mar 2021 20:03:06 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to
 bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 254526] [PATCH] mail/spamassassin Update to 3.4.5 fixing 
 CVE-2020-1946
Date: Wed, 24 Mar 2021 20:03:06 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: security
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: commit-hook@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: cy@FreeBSD.org
X-Bugzilla-Flags: maintainer-feedback+ merge-quarterly+
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-254526-7788-BQPfwRvuDK@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-254526-7788@https.bugs.freebsd.org/bugzilla/>
References: <bug-254526-7788@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports-bugs>, 
 <mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs/>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
 <mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Mar 2021 20:03:08 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D254526

--- Comment #6 from commit-hook@FreeBSD.org ---
A commit references this bug:

Author: cy
Date: Wed Mar 24 20:02:53 UTC 2021
New revision: 569156
URL: https://svnweb.freebsd.org/changeset/ports/569156

Log:
  mail/spamassassin: Update 3.4.4 --> 3.4.5, fixing CVE-2020-1946

  According to https://s.apache.org/ng9u9, 3.4.5 fixes CVE-2020-1946.
  The announce text:

  Apache SpamAssassin 3.4.5 was recently released [1], and fixes an issue
  of security note where malicious rule configuration (.cf) files can be
  configured to run system commands.

  In Apache SpamAssassin before 3.4.5, exploits can be injected in a number
  of scenarios. In addition to upgrading to SA 3.4.5, users should only use
  update channels or 3rd party .cf files from trusted places.

  Apache SpamAssassin would like to thank Damian Lukowski at credativ for
  ethically reporting this issue.

  This issue has been assigned CVE id CVE-2020-1946 [2]

  To contact the Apache SpamAssassin security team, please e-mail
  security at spamassassin.apache.org. For more information about Apache
  SpamAssassin, visit the https://spamassassin.apache.org/ web site.

  Apache SpamAssassin Security Team

  [1]: https://s.apache.org/ng9u9

  [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=3D2020-1946

  PR:           254526
  Submitted by: cy
  Reported by:  cy
  Approved by:  maintainer (zeising)
  MFH:          2021Q1
  Security:     https://s.apache.org/ng9u9
                https://cve.mitre.org/cgi-bin/cvename.cgi?name=3D2020-1946

Changes:
  head/mail/spamassassin/Makefile
  head/mail/spamassassin/distinfo
  head/mail/spamassassin/pkg-plist

--=20
You are receiving this mail because:
You are on the CC list for the bug.=