Re: [SECURITY] [DSA 3134-1] sympa security update
hej,
du har säkert sett
-uffe
On 20.1.2015 22:51, Salvatore Bonaccorso wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3134-1 security@debian.org
> http://www.debian.org/security/ Salvatore Bonaccorso
> January 20, 2015 http://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package : sympa
>
> A vulnerability has been discovered in the web interface of sympa, a
> mailing list manager. An attacker could take advantage of this flaw in
> the newsletter posting area, which allows sending to a list, or to
> oneself, any file located on the server filesystem and readable by the
> sympa user.
>
> For the stable distribution (wheezy), this problem has been fixed in
> version 6.1.11~dfsg-5+deb7u2.
>
> For the upcoming stable distribution (jessie), this problem will be
> fixed soon.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 6.1.23~dfsg-2.
>
> We recommend that you upgrade your sympa packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
>
>
--
Ulf Pensar
Chefplanerare/Datasäkerhetschef
Datacentralen
Tel: +358 050-5643735
Hanken Svenska handelshögskolan
Biblioteksgatan 16
Box 287, 65101 VASA, FINLAND
Reply to: