MFH: r569156

mail/spamassassin: Update 3.4.4 --> 3.4.5, fixing CVE-2020-1946

According to https://s.apache.org/ng9u9, 3.4.5 fixes CVE-2020-1946.
The announce text:

Apache SpamAssassin 3.4.5 was recently released [1], and fixes an issue
of security note where malicious rule configuration (.cf) files can be
configured to run system commands.

In Apache SpamAssassin before 3.4.5, exploits can be injected in a number
of scenarios. In addition to upgrading to SA 3.4.5, users should only use
update channels or 3rd party .cf files from trusted places.

Apache SpamAssassin would like to thank Damian Lukowski at credativ for
ethically reporting this issue.

This issue has been assigned CVE id CVE-2020-1946 [2]

To contact the Apache SpamAssassin security team, please e-mail
security at spamassassin.apache.org. For more information about Apache
SpamAssassin, visit the https://spamassassin.apache.org/ web site.

Apache SpamAssassin Security Team

[1]: https://s.apache.org/ng9u9

[2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946

PR:		254526
Submitted by:	cy
Reported by:	cy
Approved by:	maintainer (zeising)
Security:	https://s.apache.org/ng9u9
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946
Cy Schubert 2021-03-24 20:05:31 +00:00
parent 588b85e42f
commit 3689883c38
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/branches/2021Q1/; revision=569158
3 changed files with 5 additions and 4 deletions

@ -2,7 +2,7 @@
# $FreeBSD$ # $FreeBSD$
PORTNAME= spamassassin PORTNAME= spamassassin
PORTVERSION= 3.4.4 PORTVERSION= 3.4.5
CATEGORIES?= mail perl5 CATEGORIES?= mail perl5
MASTER_SITES= APACHE/spamassassin/source CPAN/Mail MASTER_SITES= APACHE/spamassassin/source CPAN/Mail
DISTNAME= Mail-SpamAssassin-${PORTVERSION} DISTNAME= Mail-SpamAssassin-${PORTVERSION}

@ -1,3 +1,3 @@
TIMESTAMP = 1580419680 TIMESTAMP = 1616608645
SHA256 (Mail-SpamAssassin-3.4.4.tar.gz) = 8ea27a165b81e3ce8c84ae85c3ecba1f2edfa04ef4a86f07fe28ab612fc8ff60 SHA256 (Mail-SpamAssassin-3.4.5.tar.gz) = a640842c5f3f468e3a21cbb9c555647306ec77807e57c5744ef0065e4a8675f6
SIZE (Mail-SpamAssassin-3.4.4.tar.gz) = 3274482 SIZE (Mail-SpamAssassin-3.4.5.tar.gz) = 6572220
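Review bot: SIZE for the distfile goes from 3274482 to 6572220, roughly double, between 3.4.4 and 3.4.5, and nothing in the log says the new SHA256 was compared with anything other than the tarball that was fetched. Please confirm that the 3.4.5 SHA256 recorded here matches the checksum or signature published by the Apache SpamAssassin project, and note the reason for the size change if it is known, since this is a security update going to the quarterly branch.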

@ -131,6 +131,7 @@ lib/libspamc.so.0
%%SITE_PERL%%/Mail/SpamAssassin/Util/TinyRedis.pm %%SITE_PERL%%/Mail/SpamAssassin/Util/TinyRedis.pm
%%SITE_PERL%%/spamassassin-run.pod %%SITE_PERL%%/spamassassin-run.pod
%%PERL5_MAN1%%/sa-awl.1.gz %%PERL5_MAN1%%/sa-awl.1.gz
%%PERL5_MAN1%%/sa-check_%%USER%%.1.gz
%%PERL5_MAN1%%/sa-compile.1.gz %%PERL5_MAN1%%/sa-compile.1.gz
%%PERL5_MAN1%%/sa-learn.1.gz %%PERL5_MAN1%%/sa-learn.1.gz
%%PERL5_MAN1%%/sa-update.1.gz %%PERL5_MAN1%%/sa-update.1.gz
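Review bot: the added entry `%%PERL5_MAN1%%/sa-check_%%USER%%.1.gz` is the only man page line in this hunk whose file name contains a substitution; its neighbours (sa-awl, sa-compile, sa-learn, sa-update) are literal names. That ties the packing list to whatever USER expands to, so the entry stops matching the installed file if that value is ever overridden. It reads like the output of automated plist generation that replaced part of the name; if the man page name is fixed upstream, spell it out literally.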