FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mailman -- path traversal vulnerability

Affected packages
mailman < 2.1.20
mailman-with-htdig < 2.1.20
ja-mailman < 2.1.14.j7_2,1

Details

VuXML ID a5f160fa-deee-11e4-99f8-080027ef73ec
Discovery 2015-03-27
Entry 2015-04-09
Modified 2015-06-17

Mark Sapiro reports:

A path traversal vulnerability has been discovered and fixed. This vulnerability is only exploitable by a local user on a Mailman server where the suggested Exim transport, the Postfix postfix_to_mailman.py transport or some other programmatic MTA delivery not using aliases is employed.

References

CVE Name CVE-2015-2775
URL https://bugs.launchpad.net/mailman/+bug/1437145
URL https://mail.python.org/pipermail/mailman-announce/2015-March/000209.html