Unsubscribe On May 20, 2012 11:54 AM, "Florian Weimer" <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2477-1 [email protected] > http://www.debian.org/security/ Florian Weimer > May 20, 2012 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : sympa > Vulnerability : authorization bypass > Problem type : remote > Debian-specific: no > CVE ID : CVE-2012-2352 > Debian Bug : > > Several vulnerabilities have been discovered in Sympa, a mailing list > manager, that allow to skip the scenario-based authorization > mechanisms. This vulnerability allows to display the archives > management page, and download and delete the list archives by > unauthorized users. > > For the stable distribution (squeeze), this problem has been fixed in > version 6.0.1+dfsg-4+squeeze1. > > For the testing distribution (wheezy), this problem will be fixed > soon. > > For the unstable distribution (sid), this problem has been fixed in > version 6.1.11~dfsg-2. > > We recommend that you upgrade your sympa packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > > iQEcBAEBAgAGBQJPuT+EAAoJEL97/wQC1SS+vxAH/jYCNKyrlOKvMj61ZCc+bxxH > X/kgdQEGgqw70pQYnlxM81hZr1YdK0KgncTiNqa0R9iN3SrVDgYNGJNGOZSxAE+M > zGqduwkeh8QRXpwORb11DKqYIAPxVYvKnJwxHv/SzFskh9Lm4ppX1vdpVZqpDNpd > 8GB2xlgqjb1SKy7YYmGaGIZ6mVMqzG4+bKuix7xIiAkFhu5loQ7mnSaWlgFjeMre > tdy0Gz56rfYfuwcpC0qdEn9tfVUWBVYALG5ZgWt2i1XeMN7dNAu3FRAZvNNmxqMt > YEft+TnXdfre34Vd68kszShRlVaqEqjjtYdAY2pq4Prttqg/vKXGWg139QfJEjE= > =LMTp > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact > [email protected] > Archive: http://lists.debian.org/[email protected] > > >
