[SECURITY] [DLA 1441-1] sympa security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1441-1] sympa security update
From: Markus Koschany <apo@debian.org>
Date: Tue, 24 Jul 2018 22:53:14 +0200
Message-id: <[🔎] 312f7922-6d5d-22ac-9b15-8f860ee90e27@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : sympa
Version        : 6.1.23~dfsg-2+deb8u2
CVE ID         : CVE-2018-1000550

A vulnerability has been discovered in Sympa, a modern mailing list
manager, that allows write access to files on the server filesystem.
This flaw allows to create or modify any file writable by the Sympa
user, located on the server filesystem, using the function of Sympa
web interface template file saving.

For Debian 8 "Jessie", this problem has been fixed in version
6.1.23~dfsg-2+deb8u2.

We recommend that you upgrade your sympa packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAltXkblfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQEnA//fa0/0X2yNq95p2b6rSRWf7jaH/zXAF/feNmWLffJaaVEGcjjyGnn8558
s2rljK2KkEZ/UkKMwOgmir1b+oS9U6/eL8QzNvyQQCO3S1iJ0JbthqBFmMExgV4x
IppNZsmHvHOS4nCf2eGXKwEdTm2FJKbkd9Co50PCh9wVOcyglAVmaJ2u6pIa0042
sht1w5Kts5aYqpKVs1A2zMpYvhraPyI085ZVaRTUazVfmz8cvSQQrcijvTbhMnlJ
zcNapqp0cYAbdc6h6MME76E5UNgeU5RGsvMJuGUtReV28SXuH27KGo4NjHsMlZfA
N6F3EfaxMJYyn+/0wODanqIabEHFChblCj9Bwf/0YBH8LupTzrK6mozTV8SvURCG
DJ+arVPoeDtP00zCntHIwNyWi70j1gjPCRL2sXXnWOOaaINsCxcOdlX0rCEz+u9C
T4RMMoe9Xp9LmFH6B3LYv1EC0tItJHMt5Es9OianKPIpqSMwjQWvjbsuU1L8jAc3
9qlXWRNTqbiPYzR0Wuzqa+XXVqGUOqucgtDUF9iaNN+BjjVUkEfcYiLJzS/F1fhW
sk8FWrJH5kf4jT/DMGCJEoGHKWETauiMWLbTBYF8LYylOhXY3zVKryLj3fmkiUmf
Ha+tx/H6PuJlX9GwOYQ5Rq3lRGBoZKfE9q0okV1/KGzW2PsZ078=
=wSib
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1440-1] libarchive-zip-perl security update
Next by Date: [SECURITY] [DLA 1442-1] mailman security update
Previous by thread: [SECURITY] [DLA 1440-1] libarchive-zip-perl security update
Next by thread: [SECURITY] [DLA 1442-1] mailman security update
Index(es):
- Date
- Thread