Source: spamassassin Version: 3.4.1-1 Severity: grave Tags: security Hi,
The following vulnerability was published for spamassassin. CVE-2018-11780[0]: potential remote code execution bug with the PDFInfo plugin It is fixed in new upstream version 3.4.2. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-11780 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11780 [1] https://www.openwall.com/lists/oss-security/2018/09/16/1 Please adjust the affected versions in the BTS as needed. Regards, Salvatore