Update 3.4.2 --> 3.4.3
2019-12-11: Apache SpamAssassin 3.4.3 has been released! Apache
SpamAssassin 3.4.3 contains numerous tweaks and bug fixes as we prepare
to move to version 4.0.0 with better, native UTF-8 handling. There are a
number of functional patches, improvements as well as security reasons to
upgrade to 3.4.3. In this release, there is also one new plugin and there
are bug fixes for two CVEs:
CVE-2019-12420 for Multipart Denial of Service Vulnerability CVE-2018-11805 for nefarious CF files can be configured to run system commands without any output or errors.
PR: 242618
Submitted by: cy
Reported by: cy
Approved by: zeising (maintainer)
MFH: 2019Q4
Security: CVE-2019-12420, CVE-2018-11805