CVE-2015-2775

Published: 1 April 2015

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

Priority

Status

Package	Release	Status
mailman Launchpad, Ubuntu, Debian	lucid	Ignored (reached end-of-life)
	precise	Released (1:2.1.14-3ubuntu0.2)
	trusty	Does not exist (trusty was released [1:2.1.16-2ubuntu0.1])
	upstream	Needed
	utopic	Released (1:2.1.18-1ubuntu0.1)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2775
https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html
https://ubuntu.com/security/notices/USN-2558-1
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781626
https://bugs.launchpad.net/mailman/+bug/1437145

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›