[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-security
Subject:    Re: [SECURITY] [DSA 3134-1] sympa security update
From:       Uffe Pensar <upensar () hanken ! fi>
Date:       2015-01-21 6:22:46
Message-ID: 54BF45B6.30708 () hanken ! fi
[Download RAW message or body]

hej,

du  har säkert sett

-uffe


On 20.1.2015 22:51, Salvatore Bonaccorso wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3134-1                   security@debian.org
> http://www.debian.org/security/                      Salvatore Bonaccorso
> January 20, 2015                       http://www.debian.org/security/faq
> -------------------------------------------------------------------------
> 
> Package        : sympa
> 
> A vulnerability has been discovered in the web interface of sympa, a
> mailing list manager. An attacker could take advantage of this flaw in
> the newsletter posting area, which allows sending to a list, or to
> oneself, any file located on the server filesystem and readable by the
> sympa user.
> 
> For the stable distribution (wheezy), this problem has been fixed in
> version 6.1.11~dfsg-5+deb7u2.
> 
> For the upcoming stable distribution (jessie), this problem will be
> fixed soon.
> 
> For the unstable distribution (sid), this problem has been fixed in
> version 6.1.23~dfsg-2.
> 
> We recommend that you upgrade your sympa packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> 
> 

-- 
Ulf Pensar
Chefplanerare/Datasäkerhetschef
Datacentralen

Tel: +358 050-5643735

Hanken Svenska handelshögskolan
Biblioteksgatan 16
Box 287, 65101 VASA, FINLAND


-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/54BF45B6.30708@hanken.fi

[prev in list] [next in list] [prev in thread] [next in thread]