Public bug reported: Please sync mailman 1:2.1.18-2 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped: * SECURITY UPDATE: path traversal vulnerability - debian/patches/CVE-2015-2775.patch: validate list name in Mailman/Utils.py, add comment to Mailman/Defaults.py.in. - CVE-2015-2775 * SECURITY UPDATE: path traversal vulnerability - debian/patches/CVE-2015-2775.patch: validate list name in Mailman/Utils.py, add comment to Mailman/Defaults.py.in. - CVE-2015-2775 CVE has been fixed in Debian, as well. Changelog entries since current wily version 1:2.1.18-1ubuntu1: mailman (1:2.1.18-2) unstable; urgency=high * Fix security issue: path traversal through local_part. Affects installations which use an Exim or Postfix transport instead of fixed aliases; attacker needs to be able to place files on the local filesystem. (CVE-2015-2775, Closes: 781626) -- Thijs Kinkhorst <th...@debian.org> Mon, 06 Apr 2015 15:36:15 +0000 ** Affects: mailman (Ubuntu) Importance: Wishlist Status: New ** Changed in: mailman (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mailman in Ubuntu. https://bugs.launchpad.net/bugs/1454866 Title: Sync mailman 1:2.1.18-2 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mailman/+bug/1454866/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs