[Bug 1454866] [NEW] Sync mailman 1:2.1.18-2 (main) from Debian unstable (main)
Artur Rona
ari-tczew at tlen.pl
Wed May 13 22:24:03 UTC 2015
Public bug reported:

Please sync mailman 1:2.1.18-2 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: path traversal vulnerability
    - debian/patches/CVE-2015-2775.patch: validate list name in
      Mailman/Utils.py, add comment to Mailman/Defaults.py.in.
    - CVE-2015-2775
  * SECURITY UPDATE: path traversal vulnerability
    - debian/patches/CVE-2015-2775.patch: validate list name in
      Mailman/Utils.py, add comment to Mailman/Defaults.py.in.
    - CVE-2015-2775
CVE has been fixed in Debian, as well.

Changelog entries since current wily version 1:2.1.18-1ubuntu1:

mailman (1:2.1.18-2) unstable; urgency=high

  * Fix security issue: path traversal through local_part.
    Affects installations which use an Exim or Postfix transport
    instead of fixed aliases; attacker needs to be able to place
    files on the local filesystem.
    (CVE-2015-2775, Closes: 781626)

 -- Thijs Kinkhorst <thijs at debian.org>  Mon, 06 Apr 2015 15:36:15 +0000

** Affects: mailman (Ubuntu)
     Importance: Wishlist
         Status: New

** Changed in: mailman (Ubuntu)
   Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mailman in Ubuntu.
https://bugs.launchpad.net/bugs/1454866
Title:
Sync mailman 1:2.1.18-2 (main) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mailman/+bug/1454866/+subscriptions