From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------- Debian Security Advisory DSA-3214-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
April 06, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mailman
CVE ID : CVE-2015-2775
Debian Bug : 781626

A path traversal vulnerability was discovered in Mailman, the mailing
list manager. Installations using a transport script (such as postfix-to-mailman.py) to interface with their MTA instead of static
aliases were vulnerable to a path traversal attack. To successfully
exploit this, an attacker needs write access on the local file system.

For the stable distribution (wheezy), this problem has been fixed in
version 1:2.1.15-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.1.18-2.

We recommend that you upgrade your mailman packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJVIr3sAAoJEFb2GnlAHawEdfwH/jmuts55on4WN4fPjDRYi0CG wmStOe5GFOu7vX56Xjvwhyx4MB4ALzV9vTM3UBAiwHDt1tRPNGjSW38MMUxVCple VnhzIOeneM93pd7UtzO+n8avUlXN5uyGMPlc4Qy7EC4Ql/1s6/h/b2ZImfSHxpyG FaEQG7U6MDZdiUI9ZtX6rOj9TcxNT3WyRpWqlA5McUGio0y5CV5gc+/zdyhvApo7 wbqMpALrI6XfeZj1ozfD3feRM0wnER5K8rrwRqZkn14l+T7iv/Rp5HiTJWLcOi1W RXsHRGMC3mWTrWzYcHpWJLbMA5Zxr7Z8toiHaiahikVR1Fh6OuYLwGD0QDnhlUY=
=9fjr
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)