FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

spamassassin -- multiple vulnerabilities

Affected packages
spamassassin < 3.4.3


VuXML ID 70111759-1dae-11ea-966a-206a8a720317
Discovery 2019-12-11
Entry 2019-12-13

the Apache Spamassassin project reports:

An input validation error of user-supplied input parsing multipart emails. Specially crafted emails can consume all resources on the system.

A local user is able to execute arbitrary shell commands through specially crafted nefarious CF files.


CVE Name CVE-2018-11805
CVE Name CVE-2019-12420