Bug 1629491 - SpamAssassin 3.4.2 released with CVE disclosure
Summary: SpamAssassin 3.4.2 released with CVE disclosure
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: spamassassin
Version: 27
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Kevin Fenzi
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-09-16 21:42 UTC by Harald Reindl
Modified: 2018-09-29 23:56 UTC

Fixed In Version: spamassassin-3.4.2-2.fc28 spamassassin-3.4.2-2.fc29 spamassassin-3.4.2-2.fc27
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-09-23 20:19:25 UTC
Type: Bug
Embargoed:



Description Harald Reindl 2018-09-16 21:42:36 UTC
because upstream has no brain this update is now urgent - yeah, blow out security details without giving the rest of the world time for updates


-------- Forwarded Message --------
Subject: [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781
Date: Sun, 16 Sep 2018 12:59:12 -0400
From: Kevin A. McGrail <kmcgrail>
To: Spamassassin <users.org>, SpamAssassin Devel List <dev.org>, announce.org, announce
Cc: security.org, oss-security.com

Apache SpamAssassin 3.4.2 was recently released [1], and fixes several
issues of security note.

First, a denial of service vulnerability that exists in all modern versions.

The vulnerability arises with certain unclosed tags in emails that cause
markup to be handled incorrectly leading to scan timeouts.

In Apache SpamAssassin, using HTML::Parser, we set up an object and hook
into the begin and end tag event handlers.  In both cases, the "open"
event is immediately followed by a "close" event - even if the tag *does
not* close in the HTML being parsed.

Because of this, we are missing the "text" event to deal with the object
normally.  This can cause carefully crafted emails that might take more
scan time than expected leading to a Denial of Service.

The issue is possibly a bug or design decision in HTML::Parser that
specifically impacts the way Apache SpamAssassin uses the module with
poorly formed html.

The exploit has been seen in the wild but is not believed to have been
purposefully part of a Denial of Service attempt.  We are concerned that
there may be attempts to abuse the vulnerability in the future. 
Therefore, we strongly recommend all users of these versions upgrade to
Apache SpamAssassin 3.4.2 as soon as possible.

This issue has been assigned CVE id CVE-2017-15705 [2].


Second, this release also fixes a reliance on "." in @INC in one
configuration script.  Whether this can be exploited in any way is
uncertain.

This issue has been assigned CVE id CVE-2016-1238 [3].


Third, this release fixes a potential Remote Code Execution bug with the
PDFInfo plugin.  Thanks to cPanel Security Team for their report of this
issue.

This issue has been assigned CVE id CVE-2018-11780 [4].


Fourth, this release fixes a local user code injection in the meta rule
syntax. Thanks again to cPanel Security Team for their report of this issue.

This issue has been assigned CVE id CVE-2018-11781 [5].


To contact the Apache SpamAssassin security team, please e-mail
security at spamassassin.apache.org.  For more information about Apache
SpamAssassin, visit the http://spamassassin.apache.org/ web site.

Apache SpamAssassin Security Team

[1]:
https://lists.apache.org/thread.html/1ac11532235b5459aa16c4e9d636bf4aa0b141d347d1361e40cc1b78@%3Cannounce.apache.org%3E

[2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15705

[3]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1238

[4]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11780

[5]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11781

Comment 1 Kenneth Porter 2018-09-17 02:12:09 UTC
Duplicate of bug 1629474.

Comment 2 Fedora Update System 2018-09-19 02:38:12 UTC
spamassassin-3.4.2-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1bf4c5356f

Comment 3 Fedora Update System 2018-09-19 02:38:37 UTC
spamassassin-3.4.2-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-cfe3700eba

Comment 4 Fedora Update System 2018-09-19 02:39:02 UTC
spamassassin-3.4.2-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d42addb489

Comment 5 Simon Matter 2018-09-19 05:00:19 UTC
Two things I see here

https://src.fedoraproject.org/rpms/spamassassin/blob/master/f/spamassassin.spec

1) %global saversion 3.004001

Should be 3.004002

2) Source12: sought.conf

Should be removed, see bug #1630362

Comment 6 Kevin Fenzi 2018-09-19 16:45:44 UTC
Yeah, will fix those up. Really the entire spec needs a bit of cleanup, but I wanted to get these updates out. 

Thanks for the feedback.

Comment 7 Fedora Update System 2018-09-20 04:58:29 UTC
spamassassin-3.4.2-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1bf4c5356f

Comment 8 Fedora Update System 2018-09-20 11:10:56 UTC
spamassassin-3.4.2-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d42addb489

Comment 9 Fedora Update System 2018-09-20 16:18:00 UTC
spamassassin-3.4.2-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-cfe3700eba

Comment 10 Philip Prindeville 2018-09-20 18:45:27 UTC
Seeing:

Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_body_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_compensate.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_drugs.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_dynrdns.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_head_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_html_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_net_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_phrases.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_porn.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/23_bayes.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/72_active.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: Worker 9 stderr: config: configuration file "/usr/share/spamassassin/73_sandbox_manual_scores.cf" requires version 3.004001 of SpamAssassin, but this is code version 3.004002. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.
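
As an added illustration (not part of the bug report and not SpamAssassin code), this Python example scans log text for the skip message quoted in comment 10, converts the numeric version strings to dotted form, and groups the skipped rule files by directory. The function names, the report keys and the directory-role labels are assumptions of this example; the two directory paths are the ones `sa-update -D` prints in comment 15, and the sample log is rebuilt from the message format above with one constructed duplicate and one constructed unrelated line.

```python
import posixpath
import re
from collections import defaultdict

# Directory roles, using the paths printed by "sa-update -D" in comment 15.
DIR_ROLES = {
    "/usr/share/spamassassin": "DEF_RULES_DIR (shipped by the package)",
    "/etc/mail/spamassassin": "LOCAL_RULES_DIR (site configuration)",
}

MISMATCH_RE = re.compile(
    r'config: configuration file "(?P<path>[^"]+)" requires version '
    r'(?P<required>\d+\.\d{6}) of SpamAssassin, '
    r'but this is code version (?P<running>\d+\.\d{6})'
)

# Message format taken from comment 10; worker 3 and the last line are constructed.
_TEMPLATE = (
    'Sep 20 12:38:22 mail mimedefang-multiplexor[2627]: w8KIcEQA030293: '
    'Worker {w} stderr: config: configuration file "/usr/share/spamassassin/{f}" '
    'requires version 3.004001 of SpamAssassin, but this is code version 3.004002. '
    'Maybe you need to use the -C switch, or remove the old config files? '
    'Skipping this file at '
    '/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Conf/Parser.pm line 407.'
)
SAMPLE_LOG = "\n".join([
    _TEMPLATE.format(w=9, f="20_advance_fee.cf"),
    _TEMPLATE.format(w=9, f="20_body_tests.cf"),
    _TEMPLATE.format(w=3, f="20_advance_fee.cf"),  # same file, other worker
    "Sep 20 12:38:23 mail mimedefang-multiplexor[2627]: unrelated line (constructed)",
])


def dotted(version):
    """Convert the numeric form to dotted form, e.g. 3.004002 -> 3.4.2."""
    major, frac = version.split(".")
    return "%d.%d.%d" % (int(major), int(frac[:3]), int(frac[3:]))


def find_mismatches(log_text):
    """Return unique (path, required, running) tuples for skipped rule files."""
    seen = []
    for m in MISMATCH_RE.finditer(log_text):
        item = (m["path"], m["required"], m["running"])
        if item not in seen:  # every worker logs the same file again
            seen.append(item)
    return seen


def summarize(mismatches):
    """Group skipped files by (directory, versions) into a list of report dicts."""
    groups = defaultdict(list)
    for path, required, running in mismatches:
        key = (posixpath.dirname(path), required, running)
        groups[key].append(posixpath.basename(path))
    return [
        {
            "directory": directory,
            "role": DIR_ROLES.get(directory, "other rules directory"),
            "rules_require": dotted(required),
            "engine_is": dotted(running),
            "skipped_files": sorted(files),
        }
        for (directory, required, running), files in sorted(groups.items())
    ]


if __name__ == "__main__":
    for group in summarize(find_mismatches(SAMPLE_LOG)):
        print(group)
```

Every file listed under `skipped_files` is a rule file the scanner did not load, so a non-empty report means mail is being scored with fewer rules than intended.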

Comment 11 Philip Prindeville 2018-09-20 18:46:02 UTC
Probably related to comment #5.

Comment 12 Harald Reindl 2018-09-20 18:52:45 UTC
@Philip Prindeville: what about running "sa-update" as it is required after any version jump (often not remembered because upstream only releases every half decade)

[root@mail-gw:~]$ locate 20_advance_fee.cf
/usr/share/spamassassin/20_advance_fee.cf
/var/lib/spamassassin/3.004001/updates_spamassassin_org/20_advance_fee.cf
/var/lib/spamassassin/3.004002/updates_spamassassin_org/20_advance_fee.cf

Comment 13 Philip Prindeville 2018-09-20 19:06:48 UTC
(In reply to Harald Reindl from comment #12)
> @Philip Prindeville: what about running "sa-update" as it is required after
> any version jump (often not remembered because upstream only releases every
> half decade)
> 
> [root@mail-gw:~]$ locate 20_advance_fee.cf
> /usr/share/spamassassin/20_advance_fee.cf
> /var/lib/spamassassin/3.004001/updates_spamassassin_org/20_advance_fee.cf
> /var/lib/spamassassin/3.004002/updates_spamassassin_org/20_advance_fee.cf

Hmm... I was missing DBI and Net::DNS::Nameserver it seems.  Not sure why these weren't dependencies of sa-update.

Installed those, then re-ran sa-update and updatedb.

Not seeing the message after "systemctl reload mimedefang.service".

Comment 14 Harald Reindl 2018-09-20 19:14:30 UTC
because they are no dependency at all?

[root@mail-gw:~]$ rpm -qa | grep -i dbi
libdbi-0.9.0-9.fc27.x86_64

[root@mail-gw:~]$ rpm -qa | grep -i perl | grep -i dns
perl-Net-DNS-1.15-1.fc27.noarch

and that is a machine running hundreds of domains for years now

all your stuff above is from "mail mimedefang-multiplexor" which has little to nothing to do with SpamAssassin!

Comment 15 Philip Prindeville 2018-09-20 19:16:48 UTC
# sa-update -v -D
Sep 20 13:02:11.617 [30434] dbg: logger: adding facilities: all
Sep 20 13:02:11.617 [30434] dbg: logger: logging level is DBG
Sep 20 13:02:11.617 [30434] dbg: generic: SpamAssassin version 3.4.2
Sep 20 13:02:11.617 [30434] dbg: generic: Perl 5.026002, PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/lib/spamassassin
Sep 20 13:02:11.617 [30434] dbg: config: timing enabled
Sep 20 13:02:11.620 [30434] dbg: config: score set 0 chosen.
Sep 20 13:02:11.629 [30434] dbg: generic: sa-update version 3.4.2 / svn1840377
Sep 20 13:02:11.629 [30434] dbg: generic: using update directory: /var/lib/spamassassin/3.004002
Sep 20 13:02:11.834 [30434] dbg: diag: perl platform: 5.026002 linux
Sep 20 13:02:11.834 [30434] dbg: diag: [...] module installed: Digest::SHA, version 6.02
Sep 20 13:02:11.834 [30434] dbg: diag: [...] module installed: HTML::Parser, version 3.72
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Net::DNS, version 1.15
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: NetAddr::IP, version 4.079
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Time::HiRes, version 1.9753
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Archive::Tar, version 2.28
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Zlib, version 1.10
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Digest::SHA1, version 2.13
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: MIME::Base64, version 3.15
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: DB_File, version 1.842
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Net::SMTP, version 3.11
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Mail::SPF, version v2.009
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Geo::IP, version 1.50
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Net::CIDR::Lite, version 0.21
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Razor2::Client::Agent, version 2.84
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Socket::IP, version 0.39
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Socket::INET6, version 2.72
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: IO::Socket::SSL, version 2.051
Sep 20 13:02:11.835 [30434] dbg: diag: [...] module installed: Compress::Zlib, version 2.074
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Mail::DKIM, version 0.42
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module not installed: DBI ('require' failed)
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Getopt::Long, version 2.5
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: LWP::UserAgent, version 6.34
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: HTTP::Date, version 6.02
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Encode::Detect::Detector, version 1.01
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: Net::Patricia, version 1.22
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module not installed: Net::DNS::Nameserver ('require' failed)
Sep 20 13:02:11.836 [30434] dbg: diag: [...] module installed: BSD::Resource, version 1.2911
Sep 20 13:02:11.837 [30434] dbg: gpg: Searching for 'gpg2'
Sep 20 13:02:11.837 [30434] dbg: util: current PATH is: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
Sep 20 13:02:11.837 [30434] dbg: util: executable for gpg2 was found at /usr/bin/gpg2
Sep 20 13:02:11.838 [30434] dbg: gpg: found /usr/bin/gpg2
Sep 20 13:02:11.838 [30434] dbg: gpg: release trusted key id list: 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 0C2B1D7175B852C64B3CDC716C55397824F434CE
Sep 20 13:02:11.839 [30434] dbg: util: secure_tmpfile created a temporary file /tmp/.spamassassin30434fjfhoGtmp
Sep 20 13:02:11.839 [30434] dbg: channel: attempting channel updates.spamassassin.org
Sep 20 13:02:11.839 [30434] dbg: channel: using existing directory /var/lib/spamassassin/3.004002/updates_spamassassin_org
Sep 20 13:02:11.839 [30434] dbg: channel: channel cf file /var/lib/spamassassin/3.004002/updates_spamassassin_org.cf
Sep 20 13:02:11.839 [30434] dbg: channel: channel pre file /var/lib/spamassassin/3.004002/updates_spamassassin_org.pre
Sep 20 13:02:11.839 [30434] dbg: channel: metadata version = 1841300, from file /var/lib/spamassassin/3.004002/updates_spamassassin_org.cf
Sep 20 13:02:11.854 [30434] dbg: dns: 2.4.3.updates.spamassassin.org => 1841300, parsed as 1841300
Sep 20 13:02:11.854 [30434] dbg: channel: current version is 1841300, new version is 1841300, skipping channel
Sep 20 13:02:11.854 [30434] dbg: diag: updates complete, exiting with code 1
Update finished, no fresh updates were available
#

Comment 16 Fedora Update System 2018-09-20 22:26:03 UTC
spamassassin-3.4.2-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f0df2c366

Comment 17 Fedora Update System 2018-09-20 22:26:31 UTC
spamassassin-3.4.2-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-46d7a7f63e

Comment 18 Fedora Update System 2018-09-20 22:26:57 UTC
spamassassin-3.4.2-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ed251c42b

Comment 19 Kevin Fenzi 2018-09-20 22:33:02 UTC
The version issue has been corrected in the -2 version. Please test, thanks.

Comment 20 Fedora Update System 2018-09-21 07:59:55 UTC
spamassassin-3.4.2-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f0df2c366

Comment 21 Fedora Update System 2018-09-21 08:34:03 UTC
spamassassin-3.4.2-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ed251c42b

Comment 22 Fedora Update System 2018-09-21 08:48:07 UTC
spamassassin-3.4.2-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-46d7a7f63e

Comment 23 Fedora Update System 2018-09-23 20:19:25 UTC
spamassassin-3.4.2-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 24 Fedora Update System 2018-09-29 22:01:08 UTC
spamassassin-3.4.2-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 25 Fedora Update System 2018-09-29 23:56:45 UTC
spamassassin-3.4.2-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

