Re: CVE-2018-11805 fix and sa-exim

2019-12-19 Thread Marco Gaiarin
Picking up what was written in your message of 18/12/2019...

> I've reported this to at least Debian and Ubuntu along with a proper fix.

Many thanks!!!

--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanos

Re: CVE-2018-11805 fix and sa-exim

2019-12-18 Thread Henrik K
On Wed, Dec 18, 2019 at 05:30:38PM +0200, Henrik K wrote:
> On Wed, Dec 18, 2019 at 03:57:44PM +0100, Marco Gaiarin wrote:
> >
> > Looking at the plugin code, the culprit comes from:
> >
> > $optionhash =~ s/;/,/g;
> > # This is safe, right? (users shouldn't be able to set it in their
>

Re: CVE-2018-11805 fix and sa-exim

2019-12-18 Thread Henrik K
On Wed, Dec 18, 2019 at 03:57:44PM +0100, Marco Gaiarin wrote:
>
> Looking at the plugin code, the culprit comes from:
>
> $optionhash =~ s/;/,/g;
> # This is safe, right? (users shouldn't be able to set it in their config)
> %option=eval $optionhash;
>
> So seems to me that the CVE

CVE-2018-11805 fix and sa-exim

2019-12-18 Thread Marco Gaiarin
I'm still using sa-exim in my servers:

https://sourceforge.net/projects/sa-exim/
https://packages.debian.org/search?keywords=sa-exim

Recently I've upgraded spamassassin with the fix to CVE-2018-11805, and suddenly I've started to receive:

Dec 16 10:04:53 vdmpp1 spamd[15196]: r