group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1856248] Re: Spamassassin needs updated to reflect security fixes

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Christian Ehrhardt  <1856248@xxxxxxxxxxxxxxxxxx>
Date: Fri, 13 Dec 2019 08:03:50 -0000
Reply-to: Bug 1856248 <1856248@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hi Chris,
thanks for your report.
I checked the security Teams overview of those at
- https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11805.html
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12420.html

It seems they are still evaluating the options hence the status "needs Triage".
I'll assign this bug to ubuntu-security so that they can update this bug along whatever they decide on the CVE triaging.


** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11805

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12420

** Changed in: spamassassin (Ubuntu)
       Status: New => Confirmed

** Also affects: spamassassin (Ubuntu Eoan)
   Importance: Undecided
       Status: New

** Also affects: spamassassin (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: spamassassin (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: spamassassin (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: spamassassin (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Changed in: spamassassin (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: spamassassin (Ubuntu Trusty)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

** Changed in: spamassassin (Ubuntu Xenial)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

** Changed in: spamassassin (Ubuntu Bionic)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

** Changed in: spamassassin (Ubuntu Disco)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

** Changed in: spamassassin (Ubuntu Eoan)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1856248

Title:
  Spamassassin needs updated to reflect security fixes

Status in spamassassin package in Ubuntu:
  Fix Released
Status in spamassassin source package in Trusty:
  New
Status in spamassassin source package in Xenial:
  New
Status in spamassassin source package in Bionic:
  New
Status in spamassassin source package in Disco:
  New
Status in spamassassin source package in Eoan:
  New

Bug description:
  lsb_release -rd
  Description: Ubuntu 18.04.3 LTS
  Release: 18.04

  apt-cache policy spamassassin
  spamassassin:
    Installed: 3.4.2-0ubuntu0.18.04.1
    Candidate: 3.4.2-0ubuntu0.18.04.1

  The current version of Spamassassin is 3.4.2, the newest version,
  3.4.3 fixes two security issues:

  CVE-2019-12420 for Multipart Denial of Service Vulnerability

  CVE-2018-11805 for nefarious CF files can be configured to
  run system commands without any output or errors.

  Request that Spamassassin be updated to the latest version 3.4.3 as
  soon as possible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/spamassassin/+bug/1856248/+subscriptions