** Also affects: spamassassin (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: spamassassin (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: spamassassin (Ubuntu Cosmic)
   Importance: Medium
       Status: Triaged

** Also affects: spamassassin (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: spamassassin (Ubuntu Trusty)
       Status: New => Confirmed

** Changed in: spamassassin (Ubuntu Trusty)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: spamassassin (Ubuntu Xenial)
       Status: New => Confirmed

** Changed in: spamassassin (Ubuntu Xenial)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: spamassassin (Ubuntu Bionic)
       Status: New => Confirmed

** Changed in: spamassassin (Ubuntu Bionic)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: spamassassin (Ubuntu Cosmic)
       Status: Triaged => Fix Released

https://bugs.launchpad.net/bugs/1796863

Title:
  Upgrade to version 3.4.2 for Bionic

Status in spamassassin package in Ubuntu:
  Fix Released
Status in spamassassin source package in Trusty:
  Confirmed
Status in spamassassin source package in Xenial:
  Confirmed
Status in spamassassin source package in Bionic:
  Confirmed
Status in spamassassin source package in Cosmic:
  Fix Released

Bug description:
  lsb_release -rd
  Description:  Ubuntu 18.04.1 LTS
  Release:      18.04

  apt-cache policy spamassassin
  spamassassin:
    Installed: 3.4.1-8build1
    Candidate: 3.4.1-8build1

  According to the release notes for SpamAssassin 3.4.2, there have been
  significant bug fixes and changes made in the newer package. Some are
  noted below. Suggest that a 3.4.2 version of SpamAssassin be released
  for 18.04 LTS.

  "There is one specific pressing reason to upgrade. 
  Specifically, we will stop producing SHA-1 signatures for rule updates.  This means that
  while we produce rule updates with the focus on them working for any release from
  v3.3.2 forward, they will start failing SHA-1 validation for sa-update.

  *** If you do not update to 3.4.2, you will be stuck at the last ruleset
      with SHA-1 signatures in the near future. ***"

  "Four CVE security bug fixes are included in this release for PDFInfo.pm and
  the SA core:
   CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781"

  CVE-2017-15705 -
  "A denial of service vulnerability was identified that exists in Apache
  SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags
  in emails that cause markup to be handled incorrectly leading to scan timeouts."
  https://launchpad.net/bugs/cve/CVE-2017-15705

  CVE-2016-1238 -
  https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1238.html
  According to the link above it appears that Bionic is not affected by this.

  CVE-2018-11780 -
  "A potential Remote Code Execution bug exists with the PDFInfo plugin in
  Apache SpamAssassin before 3.4.2."
  https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11780.html

  CVE-2018-11781 -
  "Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta
  rule syntax."
  https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11781.html
