Sync mailman 1:2.1.18-2 (main) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mailman (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Please sync mailman 1:2.1.18-2 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: path traversal vulnerability
- debian/
Mailman/
- CVE-2015-2775
* SECURITY UPDATE: path traversal vulnerability
- debian/
Mailman/
- CVE-2015-2775
CVE has been fixed in Debian, as well.
Changelog entries since current wily version 1:2.1.18-1ubuntu1:
mailman (1:2.1.18-2) unstable; urgency=high
* Fix security issue: path traversal through local_part.
Affects installations which use an Exim or Postfix transport
instead of fixed aliases; attacker needs to be able to place
files on the local filesystem.
(CVE-2015-2775, Closes: 781626)
-- Thijs Kinkhorst <email address hidden> Mon, 06 Apr 2015 15:36:15 +0000
CVE References
Changed in mailman (Ubuntu): | |
importance: | Undecided → Wishlist |
This bug was fixed in the package mailman - 1:2.1.18-2
Sponsored for Artur Rona (ari-tczew)
---------------
mailman (1:2.1.18-2) unstable; urgency=high
* Fix security issue: path traversal through local_part.
Affects installations which use an Exim or Postfix transport
instead of fixed aliases; attacker needs to be able to place
files on the local filesystem.
(CVE-2015-2775, Closes: 781626)
-- Thijs Kinkhorst <email address hidden> Mon, 06 Apr 2015 15:36:15 +0000