MGASA-2020-0079

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2020-0079.html
Import Source
https://advisories.mageia.org/MGASA-2020-0079.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2020-0079
Related
Published
2020-02-09T19:13:40Z
Modified
2020-02-09T18:52:08Z
Summary
Updated spamassassin packages fix security vulnerabilities
Details

The updated packages fix security vulnerabilities:

Nefarious rule configuration (.cf) files can be configured to run system commands with sa-compile. (CVE-2020-1930)

Nefarious rule configuration (.cf) files can be configured to run system commands with warnings. (CVE-2020-1931)

References
Credits

Affected packages

Mageia:7 / spamassassin

Package

Name
spamassassin
Purl
pkg:rpm/mageia/spamassassin?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.4-1.mga7

Ecosystem specific 

{
    "section": "core"
}

Mageia:7 / spamassassin-rules

Package

Name
spamassassin-rules
Purl
pkg:rpm/mageia/spamassassin-rules?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.4-1.mga7

Ecosystem specific 

{
    "section": "core"
}