MGASA-2020-0079
Advisory lineage Upstream: 2 Downstream: 0
Upstream
Published: 09 Feb 2020, 19:13
Last modified:16 Apr 2026, 04:26
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
09 Feb 2020, 19:13
Published
Vulnerability first disclosed
16 Apr 2026, 04:26
Last Modified
Vulnerability information updated
Description
Updated spamassassin packages fix security vulnerabilities The updated packages fix security vulnerabilities: Nefarious rule configuration (.cf) files can be configured to run system commands with sa-compile. (CVE-2020-1930) Nefarious rule configuration (.cf) files can be configured to run system commands with warnings. (CVE-2020-1931)
Affected Systems
- mageia•spamassassin
< 3.4.4-1.mga7
- mageia•spamassassin-rules
< 3.4.4-1.mga7
References (6)
- https://advisories.mageia.org/MGASA-2020-0079.html
- https://bugs.mageia.org/show_bug.cgi?id=26150
- https://spamassassin.apache.org/news.html
- https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
- https://www.openwall.com/lists/oss-security/2020/01/30/3
- https://www.openwall.com/lists/oss-security/2020/01/30/2