drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in Sympa
Name: |
Preisgabe von Informationen in Sympa |
|
ID: |
DSA-3134-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian wheezy |
|
Datum: |
Mi, 21. Januar 2015, 07:38 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Sympa |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3134-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso January 20, 2015 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : sympa
A vulnerability has been discovered in the web interface of sympa, a mailing list manager. An attacker could take advantage of this flaw in the newsletter posting area, which allows sending to a list, or to oneself, any file located on the server filesystem and readable by the sympa user.
For the stable distribution (wheezy), this problem has been fixed in version 6.1.11~dfsg-5+deb7u2.
For the upcoming stable distribution (jessie), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 6.1.23~dfsg-2.
We recommend that you upgrade your sympa packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJUvr98AAoJEAVMuPMTQ89E9YEQAIrc76Jm5KKennU4THbef6ES y07FqUbZ+zV0pKynLrQCMJsCaxkBFaa6qJlkX1i+MwfU0U5m/iI1xVU6ucRPR5K+ IkiH/R4izhtv/wN708dOuV5sD3hLSiBzDKSYZffs4gJ1D9rNm8ARxCYU5bVIVJFG X/5eIATssoq4S0ttdYo1rQONsj8vUucivJyzFhaRGC0s5FeBpFTmQ6gVB6guE5Cu hNnYlVrKrEqTksYX/pQsGQxG9YhFfnpcTl/Ufdn+wzKQnYix6RUH+8om6oWF+Xs3 1gVr6+dHzCS6h2fLzbX/Jn5F5o7o610+Xcrvw9Bq0GHOHdxEhZpcSzXS8ealXbeq 76Y3cgH7jOm3Y6Cltbu/awHD9zw6t5HqlVwNc2lfLCKDSao0YAUou2F2y4GuU8Tr E6EiJ8UAsOjCXjn/7tk0pNaK3JHLMY/x20tOYPcS4W9vjxu63P4EmRdsfr9Sz8c9 bT+/V9UnR4P/ZE0hCuApjwWMyI/wOWw4qay1ar5KDvOoIGx/a9j4sX5BlxMv9m4H g1aHxP03xLK4ost6wZ2lqpWVW5ExLqYZkU3dou3A6Tpv0xaStnMOwgWWa3CTYd1X jztVTiSAJcVdjtzGZETq1DPXzlvVnHhJp+E/HuDYJ/bSnNYtR+oYXJ1KMObRDjpW t8MYmOXE+qJKld6nNjrY =sKvH -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/E1YDflS-0007td-4D@master.debian.org
|
|
|
|