CVE-2015-1306
Published: 22 January 2015
The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
sympa Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(6.1.23~dfsg-2)
|
| bionic |
Not vulnerable
(6.1.23~dfsg-2)
|
|
| cosmic |
Not vulnerable
(6.1.23~dfsg-2)
|
|
| disco |
Not vulnerable
(6.1.23~dfsg-2)
|
|
| lucid |
Ignored
(end of life)
|
|
| precise |
Ignored
(end of life)
|
|
| trusty |
Does not exist
(trusty was needed)
|
|
| upstream |
Released
(6.1.23~dfsg-2, 6.1.24, 6.0.10)
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Not vulnerable
(6.1.23~dfsg-2)
|
|
| wily |
Not vulnerable
(6.1.23~dfsg-2)
|
|
| xenial |
Not vulnerable
(6.1.23~dfsg-2)
|
|
| yakkety |
Not vulnerable
(6.1.23~dfsg-2)
|
|
| zesty |
Not vulnerable
(6.1.23~dfsg-2)
|
References
- https://www.sympa.org/security_advisories#security_breaches_in_newsletter_posting
- https://www.sympa.org/security_advisories
- http://www.openwall.com/lists/oss-security/2015/01/20/4
- http://www.debian.org/security/2015/dsa-3134
- http://secunia.com/advisories/62442
- http://secunia.com/advisories/62387
- https://www.cve.org/CVERecord?id=CVE-2015-1306
- NVD
- Launchpad
- Debian