[ubuntu/cosmic-proposed] spamassassin 3.4.2-1 (Accepted)

[Jeremy Bicha]

spamassassin (3.4.2-1) unstable; urgency=medium

  * New upstream release fixes multiple security vulnerabilities
    - CVE-2017-15705: Denial of service issue in which certain unclosed
      tags in emails cause markup to be handled incorrectly leading to
      scan timeouts. (Closes: 908969)
    - CVE-2016-1238: Unsafe usage of "." in @INC in a configuration
      script.
    - CVE-2018-11780: potential Remote Code Execution bug with the
      PDFInfo plugin. (Closes: 908970)
    - CVE-2018-11781: local user code injection in the meta rule syntax.
      (Closes: 908971)
    - BayesStore: bayes_expire table grows, remove_running_expire_tok not
      called (Closes: 883775)
    - Fix use of uninitialized variable warning in PDFInfo.pm
      (Closes: 865924)
    - Fix "failed to parse plugin" error in
      Mail::SpamAssassin::Plugin::URILocalBL (Closes: 891041)
  * Don't recursively chown /var/lib/spamassassin during postinst.
    (Closes: 889501)
  * Reload spamd after compiling rules in sa-compile.postinst.
  * Preserve locally set ENABLED=1 setting from /etc/default/spamassassin
    when installing on systemd-based systems. (Closes: 884163, 858457)
  * Update SysV init script to cope with upstream's change to $0.
  * Remove compiled rules upon removal of the sa-compile package.
  * Ensure that /var/lib/spamassassin/compiled doesn't change modes with
    the cron job's execution. (Closes: 890650)
  * Update standards version to 4.2.1
  * Create /var/lib/spamassassin via dpkg, rather than the postinst.
    (Closes: 891833)

Date: 2018-10-01 10:36:14.954140+00:00
Changed-By: Noah Meyerhans <noahm at debian.org>
Signed-By: Jeremy Bicha <jeremy at bicha.net>
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-1
-------------- next part --------------
Sorry, changesfile not available.