Your submission was sent successfully! Close

CVE-2015-2775

Published: 01 April 2015

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

Priority

Medium

Status

Package Release Status
mailman
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:2.1.16-2ubuntu0.1])
Patches:
Upstream: http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1553