CVE-2015-2775
Published: 1 April 2015
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
Priority
Status
Package | Release | Status |
---|---|---|
mailman Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(1:2.1.14-3ubuntu0.2)
|
|
trusty |
Released
(1:2.1.16-2ubuntu0.1)
|
|
upstream |
Needed
|
|
utopic |
Released
(1:2.1.18-1ubuntu0.1)
|
|
Patches: upstream: http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1553 |