oss-sec mailing list archives
Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420
From: "Kevin A. McGrail" <kmcgrail () apache org>
Date: Thu, 12 Dec 2019 07:55:32 -0500
Apache SpamAssassin 3.4.3 was recently released [1], and fixes an issue of security note where a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly. Thanks to Joran Dirk Greef, Ronomon, Cape Town for reporting the issue. This issue has been assigned CVE id CVE-2019-12420 [2] To contact the Apache SpamAssassin security team, please e-mail security at spamassassin.apache.org. For more information about Apache SpamAssassin, visit the http://spamassassin.apache.org/ web site. Apache SpamAssassin Security Team [1]: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12420 -- Kevin A. McGrail KMcGrail () Apache org Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171
Current thread:
- Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420 Kevin A. McGrail (Dec 12)