Errata overview
Errata ID 326
Date 2018-11-21
Source package spamassassin
Fixed in version 3.4.2-1~deb9u1
This update addresses the following issues:
* Certain unclosed tags in crafted emails allow for scan timeouts and result
  in denial of service (CVE-2017-15705)
* Potential remote code execution vulnerability in PDFInfo plugin
* Local user code injection in the meta rule syntax (CVE-2018-11781)
Additional notes
CVE ID CVE-2017-15705
UCS Bug number #48169