Apache SpamAssassin 3.4.4 was recently released [1], and fixes an issue
of security note where nefarious rule configuration (.cf) files can be
configured to run system commands similar to CVE-2018-11805. With this
bug unpatched, exploits can be injected in a number of scenarios
including the same
Apache SpamAssassin 3.4.4 was recently released [1], and fixes an issue
of security note where nefarious rule configuration (.cf) files can be
configured to run system commands similar to CVE-2018-11805. This issue
is less stealthy and attempts to exploit the issue will throw warnings.
Thanks to
Bill Cole skrev den 2020-01-25 21:01:
Answering that question requires a more carefully written and detailed
problem description.
sorry for that
Correct, it's a policy issue. ASF Projects must stop providing SHA-1
signatures and we negotiated that deadline.
Regards,
KAM
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
On Wed, Jan 29,
On Wed, 29 Jan 2020, Matus UHLAR - fantomas wrote:
On 29.01.20 14:12, Kevin A. McGrail wrote:
On behalf of the Apache SpamAssassin Project, I am pleased to announce
version 3.4.4 is available.
Release Notes -- Apache SpamAssassin -- Version 3.4.4
Introduction
Apache
On 29.01.20 14:12, Kevin A. McGrail wrote:
On behalf of the Apache SpamAssassin Project, I am pleased to announce
version 3.4.4 is available.
Release Notes -- Apache SpamAssassin -- Version 3.4.4
Introduction
Apache SpamAssassin 3.4.4 is primarily a security release.
In this
On behalf of the Apache SpamAssassin Project, I am pleased to announce
version 3.4.4 is available.
Release Notes -- Apache SpamAssassin -- Version 3.4.4
Introduction
Apache SpamAssassin 3.4.4 is primarily a security release.
In this release, there are bug fixes for two CVEs.
***