New SpamAssassin 3.4.2 release
Important security fixes
If you're using SpamAssassin, you should upgrade as soon as possible because this release addresses four security issues:
CVE-2017-15705, a malformed HTML email part may cause a denial of service through resource exhaustion;
CVE-2016-1238, incomplete sanitization of Perl's include path;
CVE-2018-11780, potential remote code execution in SpamAssassin's PDFInfo plugin;
- CVE-2018-11781, code injection in SpamAssassin
The source distribution...