FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ec04f3d0-8cd9-11eb-bb9f-206a8a720317spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands

The Apache SpamAssassin project reports:

Apache SpamAssassin 3.4.5 was recently released [1], and fixes an issue of security note where malicious rule configuration (.cf) files can be configured to run system commands.

In Apache SpamAssassin before 3.4.5, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.


Discovery 2021-03-24
Entry 2021-03-24
spamassassin
lt 3.4.5

https://spamassassin.apache.org/news.html
https://mail-archives.apache.org/mod_mbox/spamassassin-announce/202103.mbox/%3C5b7cfd35-27b7-584b-1b39-b7ff0a55f586%40apache.org%3E
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946
CVE-2020-1946