USN-4520-1: Exim SpamAssassin vulnerability
18 September 2020
Exim SpamAssassin could be made to execute aribitrary code if it received crafted .cf files/rules.
- sa-exim - SpamAssassin filter for Exim
It was discovered that Exim SpamAssassin does not properly handle
configuration strings. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2019-19920)