Format: 1.8
Date: Sun, 30 Sep 2018 23:44:58 -0700
Source: spamassassin
Binary: spamassassin spamc sa-compile
Architecture: all amd64
Version: 3.4.2-1
Distribution: cosmic-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy01-amd64-009.buildd>
Changed-By: Noah Meyerhans <noahm@debian.org>
Description:
 sa-compile - Tools for compiling SpamAssassin rules into C
 spamassassin - Perl-based spam filter using text analysis
 spamc      - Client for SpamAssassin spam filtering daemon
Closes: 858457 865924 883775 884163 889501 890650 891041 891833 908969 908970 908971
Changes:
 spamassassin (3.4.2-1) unstable; urgency=medium
 .
   * New upstream release fixes multiple security vulnerabilities
     - CVE-2017-15705: Denial of service issue in which certain unclosed
       tags in emails cause markup to be handled incorrectly leading to
       scan timeouts. (Closes: 908969)
     - CVE-2016-1238: Unsafe usage of "." in @INC in a configuration
       script.
     - CVE-2018-11780: potential Remote Code Execution bug with the
       PDFInfo plugin. (Closes: 908970)
     - CVE-2018-11781: local user code injection in the meta rule syntax.
       (Closes: 908971)
     - BayesStore: bayes_expire table grows, remove_running_expire_tok not
       called (Closes: 883775)
     - Fix use of uninitialized variable warning in PDFInfo.pm
       (Closes: 865924)
     - Fix "failed to parse plugin" error in
       Mail::SpamAssassin::Plugin::URILocalBL (Closes: 891041)
   * Don't recursively chown /var/lib/spamassassin during postinst.
     (Closes: 889501)
   * Reload spamd after compiling rules in sa-compile.postinst.
   * Preserve locally set ENABLED=1 setting from /etc/default/spamassassin
     when installing on systemd-based systems. (Closes: 884163, 858457)
   * Update SysV init script to cope with upstream's change to $0.
   * Remove compiled rules upon removal of the sa-compile package.
   * Ensure that /var/lib/spamassassin/compiled doesn't change modes with
     the cron job's execution. (Closes: 890650)
   * Update standards version to 4.2.1
   * Create /var/lib/spamassassin via dpkg, rather than the postinst.
     (Closes: 891833)
Checksums-Sha1:
 e3afa1366c28a3c9c0729f59405e56634eec6928 13612 sa-compile_3.4.2-1_all.deb
 5a94a18616110f6553cc3bfce7f0fa2d4d5ef648 1092060 spamassassin_3.4.2-1_all.deb
 4a23788a92dea2fefae424a61f72007f397d1edf 5953 spamassassin_3.4.2-1_amd64.buildinfo
 0f89b04de6cf44a696998931ef6d29e315afd8b4 51536 spamc-dbgsym_3.4.2-1_amd64.ddeb
 3781e097856b9ccddf8fe717d1e6a6d3361504de 53328 spamc_3.4.2-1_amd64.deb
Checksums-Sha256:
 b86b81a01d3f4d6847394df3e68a43103b93addf1ad01c5718e366af5ffbcebb 13612 sa-compile_3.4.2-1_all.deb
 eac6695f4a318e61f3d9efb1078604773a9f78efeedcd09951053bc233319352 1092060 spamassassin_3.4.2-1_all.deb
 5eff119f1fd18a25b0a4ddea48bf64c8537bd645be07b40b65588af53404b7ca 5953 spamassassin_3.4.2-1_amd64.buildinfo
 e09c700e23ebb6876a6bb71a6c999da5fa3bc57151be71aec201cc4644bdff64 51536 spamc-dbgsym_3.4.2-1_amd64.ddeb
 81f9b17655b8d0d6edb93c5378797d62532db38bf6795bfadffce15a702aefb3 53328 spamc_3.4.2-1_amd64.deb
Files:
 1c092447b598eeef261a2495812a9036 13612 mail optional sa-compile_3.4.2-1_all.deb
 8776fb07fff8fe9d8928f9fd66445877 1092060 mail optional spamassassin_3.4.2-1_all.deb
 d32e6be85997f57ff09a289eace411f0 5953 mail optional spamassassin_3.4.2-1_amd64.buildinfo
 9845a5bf7ba0c3f2614c225d4dc4bc1d 51536 debug optional spamc-dbgsym_3.4.2-1_amd64.ddeb
 ee115d34dd78a705cf92e29e796d8079 53328 mail optional spamc_3.4.2-1_amd64.deb