It was discovered that Exim SpamAssassin does not properly handle configuration strings. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-19920)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "4.2.1-14+deb8u1build0.16.04.1", "binary_name": "sa-exim" } ] }