-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3214-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
April 06, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mailman
CVE ID         : CVE-2015-2775
Debian Bug     : 781626

A path traversal vulnerability was discovered in Mailman, the mailing
list manager. Installations using a transport script (such as
postfix-to-mailman.py) to interface with their MTA instead of static
aliases were vulnerable to a path traversal attack. To successfully
exploit this, an attacker needs write access on the local file system.

For the stable distribution (wheezy), this problem has been fixed in
version 1:2.1.15-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.1.18-2.

We recommend that you upgrade your mailman packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJVIr3sAAoJEFb2GnlAHawEdfwH/jmuts55on4WN4fPjDRYi0CG
wmStOe5GFOu7vX56Xjvwhyx4MB4ALzV9vTM3UBAiwHDt1tRPNGjSW38MMUxVCple
VnhzIOeneM93pd7UtzO+n8avUlXN5uyGMPlc4Qy7EC4Ql/1s6/h/b2ZImfSHxpyG
FaEQG7U6MDZdiUI9ZtX6rOj9TcxNT3WyRpWqlA5McUGio0y5CV5gc+/zdyhvApo7
wbqMpALrI6XfeZj1ozfD3feRM0wnER5K8rrwRqZkn14l+T7iv/Rp5HiTJWLcOi1W
RXsHRGMC3mWTrWzYcHpWJLbMA5Zxr7Z8toiHaiahikVR1Fh6OuYLwGD0QDnhlUY=
=9fjr
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
 listmaster@lists.debian.org
Archive: https://lists.debian.org/20150406171314.A53FD5A6F2@kinkhorst.com