Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 24 Mar 2021 20:03:06 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 254526] [PATCH] mail/spamassassin Update to 3.4.5 fixing  CVE-2020-1946
Message-ID:  <bug-254526-7788-BQPfwRvuDK@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-254526-7788@https.bugs.freebsd.org/bugzilla/>
References:  <bug-254526-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D254526

--- Comment #6 from commit-hook@FreeBSD.org ---
A commit references this bug:

Author: cy
Date: Wed Mar 24 20:02:53 UTC 2021
New revision: 569156
URL: https://svnweb.freebsd.org/changeset/ports/569156

Log:
  mail/spamassassin: Update 3.4.4 --> 3.4.5, fixing CVE-2020-1946

  According to https://s.apache.org/ng9u9, 3.4.5 fixes CVE-2020-1946.
  The announce text:

  Apache SpamAssassin 3.4.5 was recently released [1], and fixes an issue
  of security note where malicious rule configuration (.cf) files can be
  configured to run system commands.

  In Apache SpamAssassin before 3.4.5, exploits can be injected in a number
  of scenarios. In addition to upgrading to SA 3.4.5, users should only use
  update channels or 3rd party .cf files from trusted places.

  Apache SpamAssassin would like to thank Damian Lukowski at credativ for
  ethically reporting this issue.

  This issue has been assigned CVE id CVE-2020-1946 [2]

  To contact the Apache SpamAssassin security team, please e-mail
  security at spamassassin.apache.org. For more information about Apache
  SpamAssassin, visit the https://spamassassin.apache.org/ web site.

  Apache SpamAssassin Security Team

  [1]: https://s.apache.org/ng9u9

  [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=3D2020-1946

  PR:           254526
  Submitted by: cy
  Reported by:  cy
  Approved by:  maintainer (zeising)
  MFH:          2021Q1
  Security:     https://s.apache.org/ng9u9
                https://cve.mitre.org/cgi-bin/cvename.cgi?name=3D2020-1946

Changes:
  head/mail/spamassassin/Makefile
  head/mail/spamassassin/distinfo
  head/mail/spamassassin/pkg-plist

--=20
You are receiving this mail because:
You are on the CC list for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-254526-7788-BQPfwRvuDK>