Your submission was sent successfully! Close

CVE-2015-2775

Published: 1 April 2015

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

Priority

Medium

Status

Package Release Status
mailman
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (1:2.1.14-3ubuntu0.2)
trusty Does not exist
(trusty was released [1:2.1.16-2ubuntu0.1])
upstream Needed

utopic
Released (1:2.1.18-1ubuntu0.1)