CVE-2015-2775

Published: 01 April 2015

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

Priority

Status

Package	Release	Status
mailman Launchpad, Ubuntu, Debian	Upstream	Needed






	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was released [1:2.1.16-2ubuntu0.1])
	Patches: Upstream: http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1553

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2775
https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html
https://ubuntu.com/security/notices/USN-2558-1
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781626
https://bugs.launchpad.net/mailman/+bug/1437145

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›