-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 30 Sep 2018 23:44:58 -0700 Source: spamassassin Binary: spamassassin spamc sa-compile Architecture: source all amd64 Version: 3.4.2-1 Distribution: unstable Urgency: medium Maintainer: Noah Meyerhans <noahm@debian.org> Changed-By: Noah Meyerhans <noahm@debian.org> Description: sa-compile - Tools for compiling SpamAssassin rules into C spamassassin - Perl-based spam filter using text analysis spamc - Client for SpamAssassin spam filtering daemon Closes: 858457 865924 883775 884163 889501 890650 891041 891833 908969 908970 908971 Changes: spamassassin (3.4.2-1) unstable; urgency=medium . * New upstream release fixes multiple security vulnerabilities - CVE-2017-15705: Denial of service issue in which certain unclosed tags in emails cause markup to be handled incorrectly leading to scan timeouts. (Closes: 908969) - CVE-2016-1238: Unsafe usage of "." in @INC in a configuration script. - CVE-2018-11780: potential Remote Code Execution bug with the PDFInfo plugin. (Closes: 908970) - CVE-2018-11781: local user code injection in the meta rule syntax. (Closes: 908971) - BayesStore: bayes_expire table grows, remove_running_expire_tok not called (Closes: 883775) - Fix use of uninitialized variable warning in PDFInfo.pm (Closes: 865924) - Fix "failed to parse plugin" error in Mail::SpamAssassin::Plugin::URILocalBL (Closes: 891041) * Don't recursively chown /var/lib/spamassassin during postinst. (Closes: 889501) * Reload spamd after compiling rules in sa-compile.postinst. * Preserve locally set ENABLED=1 setting from /etc/default/spamassassin when installing on systemd-based systems. (Closes: 884163, 858457) * Update SysV init script to cope with upstream's change to $0. * Remove compiled rules upon removal of the sa-compile package. * Ensure that /var/lib/spamassassin/compiled doesn't change modes with the cron job's execution. (Closes: 890650) * Update standards version to 4.2.1 * Create /var/lib/spamassassin via dpkg, rather than the postinst. (Closes: 891833) Checksums-Sha1: 4682b1ae4582df205cb676ed6fa0c1c5fea5dc2f 2437 spamassassin_3.4.2-1.dsc a7c72a47e9aa88276aeefc926a159c27dc4a74ab 234232 spamassassin_3.4.2.orig-pkgrules.tar.xz f295571631e4163225ee3eab04d5c0cce3a69fbc 1873396 spamassassin_3.4.2.orig.tar.xz 9e99ec3e223bc4c0e184e217319ca57c98e72d7a 38612 spamassassin_3.4.2-1.debian.tar.xz c16c099174bb14f2f54bca19ab6b54296a14aa10 47904 sa-compile_3.4.2-1_all.deb b4e85ee7bd6c0dc29464e4b3280f90d626044cf7 1121628 spamassassin_3.4.2-1_all.deb 0e8572c1644a85745e3747d06fb063533e73234c 6491 spamassassin_3.4.2-1_amd64.buildinfo 44fc9bf2f894a10619d88a09d96db1d7047a3528 51632 spamc-dbgsym_3.4.2-1_amd64.deb 45074abc06c7a56a62f8ca17ff680782e343f6b8 82708 spamc_3.4.2-1_amd64.deb Checksums-Sha256: 9610aa6bc6168cb62197fe93c043af76479291c6d14526c2317390bfa38f4c21 2437 spamassassin_3.4.2-1.dsc 3f3349bb45ac63a7b85a7562a365a9805c4afce91aa11718f0dacfe034890066 234232 spamassassin_3.4.2.orig-pkgrules.tar.xz aae73f835e1201713458fbe012f686eae395f7672c4729e62c91a92b3ced50df 1873396 spamassassin_3.4.2.orig.tar.xz 9e9e924e59665796641d60edbdc88905f88bb545a9d208921af1713a1771d998 38612 spamassassin_3.4.2-1.debian.tar.xz 3f5021d8e5e36f105b16b0722b8dbe6a0251af1180be0630a6ceda86fabff77c 47904 sa-compile_3.4.2-1_all.deb 098dddb2cdceeb381b8014a029272b5084aa8f8a9c3a49f99a29928744f2ab7a 1121628 spamassassin_3.4.2-1_all.deb 7213c9d8ca428f77e583c25eee1097508ac297078bae3b47e8ec0f43d9aed4c7 6491 spamassassin_3.4.2-1_amd64.buildinfo 41cc3eb33ced6fc54e31cfe159093e0502eede572e6534bd3c2b60a7e4d03504 51632 spamc-dbgsym_3.4.2-1_amd64.deb a709456209fd939897c6f7b03bea6753dc18e2957479a9a4b553a360b47d5180 82708 spamc_3.4.2-1_amd64.deb Files: 64bce716ff4cdc590337a551c07c4f94 2437 mail optional spamassassin_3.4.2-1.dsc d1616326f1d3a442aff01347e615cabd 234232 mail optional spamassassin_3.4.2.orig-pkgrules.tar.xz 0f6d6733613ec670b13d37ce6f6244f8 1873396 mail optional spamassassin_3.4.2.orig.tar.xz 64ce474e3e6bd3f4d6b58c09c49730fa 38612 mail optional spamassassin_3.4.2-1.debian.tar.xz 9a301495a878db9e55c0db3dc90c6811 47904 mail optional sa-compile_3.4.2-1_all.deb ced8ac1a4cba624255deeea4bad829db 1121628 mail optional spamassassin_3.4.2-1_all.deb 6028e236374e3a706be97c65807372f7 6491 mail optional spamassassin_3.4.2-1_amd64.buildinfo a1679615f961382eeb5ff44ce4d3ad9c 51632 debug optional spamc-dbgsym_3.4.2-1_amd64.deb 2b7afe5834fa3f84acf960bcc3f22477 82708 mail optional spamc_3.4.2-1_amd64.deb -----BEGIN PGP SIGNATURE----- iQJFBAEBCAAvFiEE65xaF5r2LDCTz+zyV68+Bn2yWDMFAluxxFcRHG5vYWhtQGRl Ymlhbi5vcmcACgkQV68+Bn2yWDPsWw/7BDz/TPpD5Vcq1D8l5peV54bwL8l5QT8M 4o+TOBUgaqxwYnBsYbbsYGlV8RSr14W+l1DZuGEDG3/8qIX95PGEXq+zRtIai47w QEJZsDWOAbyGp+izGA07dbAKoLnqUoP9wpjfBb2uKWs8qV1KY5tEfBKusKOU30Uy Qf9tAaIyc2dS3xSISMe7Iw5iEw94161t+Yr1OotjUebzcAZk8SWu5hSaBMJVRUU4 bdjiJqyRNkgtmvSiwWthjSeIn7ANmLGOoN57amIIETWMesJVhk9qw9shRnnUAXZB PBcZ369ImAF0gA9DhEh61KE8RYSPvbxy6/nVeVzoHJlGvMSS3ZUJRIiT6m1V9ruG xKR7/UEld3bxhHG/NEaKVel57Ir0V929p6o9+1LhQZJZJwLd+ApYCmHC32zpsSmY mAcKt4pHBjebPxNr8ZAakQMTPEPuE9f6TMebY07TD63yKr2SqNi17NVaPrGfrlSk z7+JdPRHTshp/KMwvnLjUH62MQG3VawBFK7uQmD2rvtDtxQTgp1nExT/ksxwm/yD pCenviVSGcKhqR90EtTL+AjhVmmlixaJvMNX/lSwmw8SJi/2yyYe3Gh33duP6yLH XOv0Os2k1CBguRbrwZzfFtrRd4HSx80+nweXub5IT6fIpxzIoD0YaLuNa28sHccn 0ZPPBQdkOMQ= =4gYQ -----END PGP SIGNATURE-----