{"affected":[{"ecosystem_specific":{"binaries":[{"amavisd-new":"2.11.1-6.3.1","amavisd-new-docs":"2.11.1-6.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"amavisd-new","purl":"pkg:rpm/suse/amavisd-new&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.11.1-6.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for amavisd-new fixes the following issues:\n\nwmavisd-new was updated to version 2.11.1 (bsc#1123389):\n\n* removed a trailing dot element from @INC, as a workaround for a perl\n vulnerability CVE-2016-1238 (bsc#987887)\n* amavis-services: bumping up syslog level from LOG_NOTICE to LOG_ERR\n for a message 'PID went away', and removed redundant newlines\n from some log messages\n* safe_decode() and safe_decode_utf8(): avoid warning messages\n 'Use of uninitialized value in subroutine entry'\n in Encode::MIME::Header when the $check argument is undefined\n* @sa_userconf_maps has been extended to allow loading of per-recipient\n (or per-policy bank, or global) SpamAssassin configuration set from\n LDAP. For consistency with SQL a @sa_userconf_maps entry prefixed with\n 'ldap:' will load SpamAssassin configuration set using the\n load_scoreonly_ldap() method; a patch by Atanas Karashenski\n* add some Sanesecurity.Foxhole false positives to the default\n list @virus_name_to_spam_score_maps\n* updated some comments\n\nUpdate amavis-milter to version 2.6.1:\n\n* Fixed bug when creating amavisd-new policy bank names\n","id":"SUSE-SU-2019:0505-1","modified":"2019-02-27T07:43:59Z","published":"2019-02-27T07:43:59Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20190505-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1123389"},{"type":"REPORT","url":"https://bugzilla.suse.com/987887"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1238"}],"related":["CVE-2016-1238"],"summary":"Security update for amavisd-new","upstream":["CVE-2016-1238"]}