Public bug reported: lsb_release -rd Description: Ubuntu 18.04.1 LTS Release: 18.04
apt-cache policy spamassassin spamassassin: Installed: 3.4.1-8build1 Candidate: 3.4.1-8build1 According to the release notes for Spamassassin 3.4.2 there have been significant bug fixes and changes made in the newer package. Some are noted below. Suggest that a 3.4.2 version of Spamassassin be released for 18.04LTS. "There is one specific pressing reason to upgrade. Specifically, we will stop producing SHA-1 signatures for rule updates. This means that while we produce rule updates with the focus on them working for any release from v3.3.2 forward, they will start failing SHA-1 validation for sa-update. *** If you do not update to 3.4.2, you will be stuck at the last ruleset with SHA-1 signatures in the near future. ***" "Four CVE security bug fixes are included in this release for PDFInfo.pm and the SA core: CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781" CVE-2017-15705 - "A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts." https://launchpad.net/bugs/cve/CVE-2017-15705 CVE-2016-1238 - https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1238.html According to the link above it appears that Bionic is not affected by this. CVE-2018-11780 - "A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2." https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11780.html CVE-2018-11781 - "Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax." https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11781.html ** Affects: spamassassin (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796863 Title: Upgrade to version 3.4.2 for Bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spamassassin/+bug/1796863/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs