{"affected":[{"ecosystem_specific":{"binaries":[{"perl-Mail-SpamAssassin":"3.4.2-7.4.1","spamassassin":"3.4.2-7.4.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"spamassassin","purl":"pkg:rpm/suse/spamassassin&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.2-7.4.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"perl-Mail-SpamAssassin-Plugin-iXhash2":"2.05-7.4.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15","name":"spamassassin","purl":"pkg:rpm/suse/spamassassin&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.2-7.4.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for spamassassin to version 3.4.2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-11781: Fixed an issue where a local user could inject code in the meta rule syntax (bsc#1108748).\n- CVE-2018-11780: Fixed a potential remote code execution vulnerability in the PDFInfo plugin (bsc#1108750).\n- CVE-2017-15705: Fixed a denial of service through unclosed tags in crafted emails (bsc#1108745).\n- CVE-2016-1238: Fixed an issue where perl would load modules from the current directory (bsc#1108749).\n\nNon-security issues fixed:\n\n- Use systemd timers instead of cron (bsc#1115411)\n- Fixed incompatibility with Net::DNS >= 1.01 (bsc#1107765)\n- Fixed warning about deprecated regex during sa-update (bsc#1069831)\n","id":"SUSE-SU-2019:2011-1","modified":"2019-07-29T12:46:29Z","published":"2019-07-29T12:46:29Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20192011-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1069831"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107765"},{"type":"REPORT","url":"https://bugzilla.suse.com/1108745"},{"type":"REPORT","url":"https://bugzilla.suse.com/1108748"},{"type":"REPORT","url":"https://bugzilla.suse.com/1108749"},{"type":"REPORT","url":"https://bugzilla.suse.com/1108750"},{"type":"REPORT","url":"https://bugzilla.suse.com/1115411"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1238"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15705"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-11780"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-11781"}],"related":["CVE-2016-1238","CVE-2017-15705","CVE-2018-11780","CVE-2018-11781"],"summary":"Security update for spamassassin","upstream":["CVE-2016-1238","CVE-2017-15705","CVE-2018-11780","CVE-2018-11781"]}