Damian Lukowski discovered a flaw in spamassassin, a Perl-based spam
filter using text analysis. Malicious rule configuration files, possibly downloaded from an updates server, could execute arbitrary commands
under multiple scenarios.
For the stable distribution (buster), this problem has been fixed in
We recommend that you upgrade your spamassassin packages.