lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1YDflS-0007td-4D@master.debian.org>
Date: Tue, 20 Jan 2015 20:51:06 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3134-1] sympa security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3134-1                   security@...ian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 20, 2015                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sympa

A vulnerability has been discovered in the web interface of sympa, a
mailing list manager. An attacker could take advantage of this flaw in
the newsletter posting area, which allows sending to a list, or to
oneself, any file located on the server filesystem and readable by the
sympa user.

For the stable distribution (wheezy), this problem has been fixed in
version 6.1.11~dfsg-5+deb7u2.

For the upcoming stable distribution (jessie), this problem will be
fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 6.1.23~dfsg-2.

We recommend that you upgrade your sympa packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUvr98AAoJEAVMuPMTQ89E9YEQAIrc76Jm5KKennU4THbef6ES
y07FqUbZ+zV0pKynLrQCMJsCaxkBFaa6qJlkX1i+MwfU0U5m/iI1xVU6ucRPR5K+
IkiH/R4izhtv/wN708dOuV5sD3hLSiBzDKSYZffs4gJ1D9rNm8ARxCYU5bVIVJFG
X/5eIATssoq4S0ttdYo1rQONsj8vUucivJyzFhaRGC0s5FeBpFTmQ6gVB6guE5Cu
hNnYlVrKrEqTksYX/pQsGQxG9YhFfnpcTl/Ufdn+wzKQnYix6RUH+8om6oWF+Xs3
1gVr6+dHzCS6h2fLzbX/Jn5F5o7o610+Xcrvw9Bq0GHOHdxEhZpcSzXS8ealXbeq
76Y3cgH7jOm3Y6Cltbu/awHD9zw6t5HqlVwNc2lfLCKDSao0YAUou2F2y4GuU8Tr
E6EiJ8UAsOjCXjn/7tk0pNaK3JHLMY/x20tOYPcS4W9vjxu63P4EmRdsfr9Sz8c9
bT+/V9UnR4P/ZE0hCuApjwWMyI/wOWw4qay1ar5KDvOoIGx/a9j4sX5BlxMv9m4H
g1aHxP03xLK4ost6wZ2lqpWVW5ExLqYZkU3dou3A6Tpv0xaStnMOwgWWa3CTYd1X
jztVTiSAJcVdjtzGZETq1DPXzlvVnHhJp+E/HuDYJ/bSnNYtR+oYXJ1KMObRDjpW
t8MYmOXE+qJKld6nNjrY
=sKvH
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ