spamassassin

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	A mail filter to identify spam.
Version	4.0.1-2 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1731	3.4.4-3	3.4.5-1	High	Fixed
AVG-1077	3.4.2-5	3.4.3-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2020-1946	AVG-1731	High	Yes	Arbitrary command execution	In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With...
CVE-2019-12420	AVG-1077	Medium	Yes	Denial of service	An excessive resource-consumption vulnerability where a message can be crafted in a way to use excessive resources.
CVE-2018-11805	AVG-1077	Medium	Yes	Arbitrary command execution	A malicious CF file is able to execute system commands without producing output/error streams.

Issue

Group

Severity

Remote

Type

Description

CVE-2020-1946

AVG-1731

High

Yes

Arbitrary command execution

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With...

CVE-2019-12420

AVG-1077

Medium

Yes

Denial of service

An excessive resource-consumption vulnerability where a message can be crafted in a way to use excessive resources.

CVE-2018-11805

AVG-1077

Medium

Yes

Arbitrary command execution

A malicious CF file is able to execute system commands without producing output/error streams.