diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2021-03-24 20:02:52 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2021-03-24 20:02:52 +0000 |
| commit | ab1d4c39f480c69c625e38d6a0a5b06d06ee873a (patch) | |
| tree | 99834724678d52ddeee6c8209aed0b44ef2e8b22 /mail | |
| parent | 3df759b334c319bffd4aa90a8b98c46f9f986406 (diff) | |
| download | ports-ab1d4c39f480c69c625e38d6a0a5b06d06ee873a.tar.gz ports-ab1d4c39f480c69c625e38d6a0a5b06d06ee873a.zip | |
mail/spamassassin: Update 3.4.4 --> 3.4.5, fixing CVE-2020-1946
According to https://s.apache.org/ng9u9, 3.4.5 fixes CVE-2020-1946.
The announce text:
Apache SpamAssassin 3.4.5 was recently released [1], and fixes an issue
of security note where malicious rule configuration (.cf) files can be
configured to run system commands.
In Apache SpamAssassin before 3.4.5, exploits can be injected in a number
of scenarios. In addition to upgrading to SA 3.4.5, users should only use
update channels or 3rd party .cf files from trusted places.
Apache SpamAssassin would like to thank Damian Lukowski at credativ for
ethically reporting this issue.
This issue has been assigned CVE id CVE-2020-1946 [2]
To contact the Apache SpamAssassin security team, please e-mail
security at spamassassin.apache.org. For more information about Apache
SpamAssassin, visit the https://spamassassin.apache.org/ web site.
Apache SpamAssassin Security Team
[1]: https://s.apache.org/ng9u9
[2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946
PR: 254526
Submitted by: cy
Reported by: cy
Approved by: maintainer (zeising)
MFH: 2021Q1
Security: https://s.apache.org/ng9u9
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946
Notes
Notes:
svn path=/head/; revision=569156
Diffstat (limited to 'mail')
| -rw-r--r-- | mail/spamassassin/Makefile | 2 | ||||
| -rw-r--r-- | mail/spamassassin/distinfo | 6 | ||||
| -rw-r--r-- | mail/spamassassin/pkg-plist | 1 |
3 files changed, 5 insertions, 4 deletions
diff --git a/mail/spamassassin/Makefile b/mail/spamassassin/Makefile index 7d69b5b76f5e..6f3b5c5c9e13 100644 --- a/mail/spamassassin/Makefile +++ b/mail/spamassassin/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= spamassassin -PORTVERSION= 3.4.4 +PORTVERSION= 3.4.5 CATEGORIES?= mail perl5 MASTER_SITES= APACHE/spamassassin/source CPAN/Mail DISTNAME= Mail-SpamAssassin-${PORTVERSION} diff --git a/mail/spamassassin/distinfo b/mail/spamassassin/distinfo index 1daee18b72d7..23e77ea35c80 100644 --- a/mail/spamassassin/distinfo +++ b/mail/spamassassin/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1580419680 -SHA256 (Mail-SpamAssassin-3.4.4.tar.gz) = 8ea27a165b81e3ce8c84ae85c3ecba1f2edfa04ef4a86f07fe28ab612fc8ff60 -SIZE (Mail-SpamAssassin-3.4.4.tar.gz) = 3274482 +TIMESTAMP = 1616608645 +SHA256 (Mail-SpamAssassin-3.4.5.tar.gz) = a640842c5f3f468e3a21cbb9c555647306ec77807e57c5744ef0065e4a8675f6 +SIZE (Mail-SpamAssassin-3.4.5.tar.gz) = 6572220 diff --git a/mail/spamassassin/pkg-plist b/mail/spamassassin/pkg-plist index a87bdba07558..2b1288cc60e6 100644 --- a/mail/spamassassin/pkg-plist +++ b/mail/spamassassin/pkg-plist @@ -131,6 +131,7 @@ lib/libspamc.so.0 %%SITE_PERL%%/Mail/SpamAssassin/Util/TinyRedis.pm %%SITE_PERL%%/spamassassin-run.pod %%PERL5_MAN1%%/sa-awl.1.gz +%%PERL5_MAN1%%/sa-check_%%USER%%.1.gz %%PERL5_MAN1%%/sa-compile.1.gz %%PERL5_MAN1%%/sa-learn.1.gz %%PERL5_MAN1%%/sa-update.1.gz |