-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 30 Sep 2018 23:44:58 -0700 Source: spamassassin Binary: spamassassin spamc sa-compile Architecture: source all amd64 Version: 3.4.2-1~deb9u1 Distribution: stretch Urgency: high Maintainer: Noah Meyerhans <noahm@debian.org> Changed-By: Noah Meyerhans <noahm@debian.org> Description: sa-compile - Tools for compiling SpamAssassin rules into C spamassassin - Perl-based spam filter using text analysis spamc - Client for SpamAssassin spam filtering daemon Closes: 808804 853913 861671 864810 865356 865514 865924 869408 883775 889501 890650 891041 891833 908969 908970 908971 910434 Changes: spamassassin (3.4.2-1~deb9u1) stretch; urgency=high . * New upstream release fixes multiple security vulnerabilities - CVE-2017-15705: Denial of service issue in which certain unclosed tags in emails cause markup to be handled incorrectly leading to scan timeouts. (Closes: 908969) - CVE-2016-1238: Unsafe usage of "." in @INC in a configuration script. - CVE-2018-11780: potential Remote Code Execution bug with the PDFInfo plugin. (Closes: 908970) - CVE-2018-11781: local user code injection in the meta rule syntax. (Closes: 908971) - BayesStore: bayes_expire table grows, remove_running_expire_tok not called (Closes: 883775) - Fix use of uninitialized variable warning in PDFInfo.pm (Closes: 865924) - Fix "failed to parse plugin" error in Mail::SpamAssassin::Plugin::URILocalBL (Closes: 891041) * Don't recursively chown /var/lib/spamassassin during postinst. (Closes: 889501) * Reload spamd after compiling rules in sa-compile.postinst. * Update SysV init script to cope with upstream's change to $0. * Remove compiled rules upon removal of the sa-compile package. * Ensure that /var/lib/spamassassin/compiled doesn't change modes with the cron job's execution. (Closes: 890650) * Create /var/lib/spamassassin via dpkg, rather than the postinst. (Closes: 891833) * Add libbsd-resource-perl to Suggests (Closes: 910434) . spamassassin (3.4.1-8) unstable; urgency=medium . * Fix inappropriate invocation of invoke-rc.d in cron script. (Closes: 865514) * Update systemd unit dependencies to include network and syslog. (Closes: 864810) * Migrate packaging to git, finally. * Apply upstream patch to fix regex error leading to warnings in perl 5.26+ (Closes: 869408) * Update standards version to 4.1.0.0 * Remove references to the obsolete syslog.target dependency in the systemd service file. * Clarify the use of the perl-major-upgrade dpkg trigger. * Fix spamd service management on package upgrades. (Closes: #865356) . spamassassin (3.4.1-7) unstable; urgency=medium . * Ensure that spamd doesn't automatically start upon initial installation. * Disable bb.barracudacentral.org (RCVD_IN_BRBL_LASTEXT), as it requires users to register. (Closes: #861671) * Update the systemd unit file to use the same pid file as was used in the sysvinit script. (Closes: #808804) * Update spamassassin docs to remove outdated gpg version compatibility note. (Closes: #853913) Checksums-Sha1: 0fe215425a542e1366e627468d834e3b90eb17e4 2465 spamassassin_3.4.2-1~deb9u1.dsc a7c72a47e9aa88276aeefc926a159c27dc4a74ab 234232 spamassassin_3.4.2.orig-pkgrules.tar.xz f295571631e4163225ee3eab04d5c0cce3a69fbc 1873396 spamassassin_3.4.2.orig.tar.xz 245b236f974de483d56fa2f36c08050a4f542f67 38168 spamassassin_3.4.2-1~deb9u1.debian.tar.xz fe4735d062829571e7bd6df813836f50eb30dc73 47526 sa-compile_3.4.2-1~deb9u1_all.deb abbca004ad48d702b256d75eca20db18ca1fc65d 1122358 spamassassin_3.4.2-1~deb9u1_all.deb 21e5b7d155d3d9519f820161eb37e4f6c59c74f0 7038 spamassassin_3.4.2-1~deb9u1_amd64.buildinfo e8e98bd2f67d3c55f5b7b3a28e621d43a348041f 43806 spamc-dbgsym_3.4.2-1~deb9u1_amd64.deb 6792de805393b60dad0746a622916c36b3346a0d 82686 spamc_3.4.2-1~deb9u1_amd64.deb Checksums-Sha256: 1ab5862919c0f01902ca6bdc14625598ca8e4e624bc8165b1c940b6cc5f0fc8f 2465 spamassassin_3.4.2-1~deb9u1.dsc 3f3349bb45ac63a7b85a7562a365a9805c4afce91aa11718f0dacfe034890066 234232 spamassassin_3.4.2.orig-pkgrules.tar.xz aae73f835e1201713458fbe012f686eae395f7672c4729e62c91a92b3ced50df 1873396 spamassassin_3.4.2.orig.tar.xz d100da85c5b88dd7dc301de1af6835e06a039892c44747de5b1150e8a7ce6640 38168 spamassassin_3.4.2-1~deb9u1.debian.tar.xz 9fa265f079061ac3a34994f90cad41bb9df9af4fa5aba2e3c796fb2bc262f5ca 47526 sa-compile_3.4.2-1~deb9u1_all.deb d9e43b2f774464a347a9b3dc225ca7f477c9790157fa9a94f8aee99fdf0e05df 1122358 spamassassin_3.4.2-1~deb9u1_all.deb ee838cb685bddb2b998bf2ca97afaa739cf327e90f52c843fb144c576250aec3 7038 spamassassin_3.4.2-1~deb9u1_amd64.buildinfo 88b79c34b99da9a192170c1d111b36ce06292198ac2bcf33f9ca5f013698f7e3 43806 spamc-dbgsym_3.4.2-1~deb9u1_amd64.deb 0df0da94e2779efe3fe342db53a6458120ace1524b3cb2e1d926cbbca605604f 82686 spamc_3.4.2-1~deb9u1_amd64.deb Files: e4b97bb4255ea4f55bb860f6c9a95c29 2465 mail optional spamassassin_3.4.2-1~deb9u1.dsc d1616326f1d3a442aff01347e615cabd 234232 mail optional spamassassin_3.4.2.orig-pkgrules.tar.xz 0f6d6733613ec670b13d37ce6f6244f8 1873396 mail optional spamassassin_3.4.2.orig.tar.xz f8d56133ed767697a71b787226c57924 38168 mail optional spamassassin_3.4.2-1~deb9u1.debian.tar.xz 0c56bd88fd19275265424c607dad1ebf 47526 mail optional sa-compile_3.4.2-1~deb9u1_all.deb db4375aa9f308f1631058a905278e000 1122358 mail optional spamassassin_3.4.2-1~deb9u1_all.deb 26244b4f06cd64283c9829a240a9d636 7038 mail optional spamassassin_3.4.2-1~deb9u1_amd64.buildinfo b9ebbdca978978cb80c705d52264bec5 43806 debug extra spamc-dbgsym_3.4.2-1~deb9u1_amd64.deb 473a55ecdddb784d8bd1ce2ab3ca418c 82686 mail optional spamc_3.4.2-1~deb9u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQJFBAEBCAAvFiEE65xaF5r2LDCTz+zyV68+Bn2yWDMFAlvadQ4RHG5vYWhtQGRl Ymlhbi5vcmcACgkQV68+Bn2yWDPNMg//XMpxGU+xuDOSFJQPTvFtRMAwxTF1e9jz 2Z2MrGU17+2Rdu7GYzZ01NV63HyqAaHpFthZPc2MniQI6tGDTqNTyap+/QzeKRq9 g8BnLNf9ReghJu5Wkv6RFLjcGqH3ykJlBTaAYlvGQgzT/hTDXb1qmmpt2r8DP3gr Jw0b77OO10XTtBaCV8nHsCDe8q8S89vWHb/vchzDU1wsSPjaLgx2FoaV/DsWzLTS O0IpZ0F9K1TUc7uymgls52KR/hK3xH6OHA0AdbNOfEXGdhD513nd8SkkpGZoxpaX lXHMsQ2WBkbxH3/7KAesM1OdyMG3DY3z1uXdRKgyFcpZUFoJMD7ixWIbj6Pc8qnD jPh/MOtyNsRDWpFFpkVkHLyK5S5dC2IXgHfgr+hxe3Z6dVNv2DJvSHTfzoPOSBvD VzPaLmBH5mCyW8A/Om6iJ2xDQJJExgirPrVuHbrD0d9U2tx4kZEpGDJnUGB9q8dM ir9wCnKXJrQsp7Kopp/XdJEZJVxFZ2wBOywiLXRuV05sLMBS5EJoyp6XCcmt7osr v8t98pyk2PLj/tAJcjfvzCo3sfWUGLJfZxDHEHq0rioLZ8lrLvJqB84KkD0n3F2H /yoUxWkz5bjljxUEr+5agCTbN9pgKGnKvvG9n6foPpNIZf9e4aQCMHqYHIJ8k5Hr uUR05OHYvnQ= =8LvD -----END PGP SIGNATURE-----