[Bug 1454866] [NEW] Sync mailman 1:2.1.18-2 (main) from Debian unstable (main)

Launchpad Bug Tracker 1454866 at bugs.launchpad.net
Wed May 13 22:24:09 UTC 2015


You have been subscribed to a public bug by Artur Rona (ari-tczew):

Please sync mailman 1:2.1.18-2 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: path traversal vulnerability
    - debian/patches/CVE-2015-2775.patch: validate list name in
      Mailman/Utils.py, add comment to Mailman/Defaults.py.in.
    - CVE-2015-2775
  * SECURITY UPDATE: path traversal vulnerability
    - debian/patches/CVE-2015-2775.patch: validate list name in
      Mailman/Utils.py, add comment to Mailman/Defaults.py.in.
    - CVE-2015-2775

CVE has been fixed in Debian, as well.

Changelog entries since current wily version 1:2.1.18-1ubuntu1:

mailman (1:2.1.18-2) unstable; urgency=high

  * Fix security issue: path traversal through local_part.
    Affects installations which use an Exim or Postfix transport
    instead of fixed aliases; attacker needs to be able to place
    files on the local filesystem.
    (CVE-2015-2775, Closes: 781626)

 -- Thijs Kinkhorst <thijs at debian.org>  Mon, 06 Apr 2015 15:36:15 +0000

** Affects: mailman (Ubuntu)
     Importance: Wishlist
         Status: New

-- 
Sync mailman 1:2.1.18-2 (main) from Debian unstable (main)
https://bugs.launchpad.net/bugs/1454866
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.


