|
Message-ID: <4867fdb1-eaba-98c9-661a-9b5cd974d5c1@apache.org> Date: Thu, 12 Dec 2019 07:55:32 -0500 From: "Kevin A. McGrail" <kmcgrail@...che.org> To: "kmcgrail@...che.org" <kmcgrail@...che.org>, oss-security@...ts.openwall.com Subject: Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420 Apache SpamAssassin 3.4.3 was recently released [1], and fixes an issue of security note where a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly. Thanks to Joran Dirk Greef, Ronomon, Cape Town for reporting the issue. This issue has been assigned CVE id CVE-2019-12420 [2] To contact the Apache SpamAssassin security team, please e-mail security at spamassassin.apache.org. For more information about Apache SpamAssassin, visit the http://spamassassin.apache.org/ web site. Apache SpamAssassin Security Team [1]: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12420 -- Kevin A. McGrail KMcGrail@...che.org Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.