[SECURITY] [DLA 186-1] mailman security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 186-1] mailman security update
From: Thijs Kinkhorst <thijs@debian.org>
Date: Mon, 6 Apr 2015 19:13:43 +0200 (CEST)
Message-id: <[🔎] 20150406171343.CDA965A6F2@kinkhorst.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : mailman
Version        : 1:2.1.13-6
CVE ID         : CVE-2015-2775
Debian Bug     : 781626

A path traversal vulnerability was discovered in Mailman, the mailing
list manager. Installations using a transport script (such as
postfix-to-mailman.py) to interface with their MTA instead of static
aliases were vulnerable to a path traversal attack. To successfully
exploit this, an attacker needs write access on the local file system.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJVIr5fAAoJEFb2GnlAHawEkKgH/jEV77DJ6u7Bl6+JkhrAhu2I
kIqbr4DYzy4L/vxM1JRDEu0TtuxcG9P2CggDE0PzXD7mdhswXTI6//7MBg0Gdmnd
enQxDZuQynXtT0aUSTR7XxdmlT3ac4u2Q4fd5kgdHb5SUgE4zUwXMWkgVpUlemVs
TLY25xiIvk4qerthkIF1XvkjIRY/PgmzGRhuVd6mVN3uyi7wkojZfBUmve9Bsu3B
PRzkHCg7zlAysbN9AMGDTtNWJqQA0lYQKdqYsdRW2TCH49gymiMMBVjKbiwoWM+V
g0OGdMrv/lcohkL7F5jTuh4MDbiB+2rYzZtJ56SLw9TVQKQqeEJILNXA06feobk=
=J0k4
-----END PGP SIGNATURE-----

Reply to:

Next by Date: [SECURITY] [DLA 187-1] tor security update
Next by thread: [SECURITY] [DLA 187-1] tor security update
Index(es):
- Date
- Thread