MDKSA-2005:037
- Package name
- mailman
- Date
- 2005-02-14
- Advisory ID
- MDKSA-2005:037
- Affected versions
- CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64
Problem description
A vulnerability was discovered in Mailman, which allows a remote directory traversal exploit using URLs of the form ".../....///" to access private Mailman configuration data. The vulnerability lies in the Mailman/Cgi/private.py file. Updated packages correct this issue.
Updated packages
CS2.1 x86_64
eb01c4300056aec9ed25b79906ba564a x86_64/corporate/2.1/RPMS/mailman-2.0.14-1.3.C21mdk.i586.rpm f5bdc329649f114e49d8346406a34957 x86_64/corporate/2.1/SRPMS/mailman-2.0.14-1.3.C21mdk.src.rpm
10.0 amd64
7b2ba12c273fd6f39b2a98a533fe1029 amd64/10.0/RPMS/mailman-2.1.4-2.3.100mdk.amd64.rpm 6e1afd0483efcc74c780dd2a7533263a amd64/10.0/SRPMS/mailman-2.1.4-2.3.100mdk.src.rpm
10.1 i586
d2382f8a1d35bbf90ac29729d67f5508 10.1/RPMS/mailman-2.1.5-7.3.101mdk.i586.rpm 8db653937cb2b97d7ab637b1e573c212 10.1/SRPMS/mailman-2.1.5-7.3.101mdk.src.rpm
10.0 i586
2962bcf8974ad0f4f0e47fa957a8a276 10.0/RPMS/mailman-2.1.4-2.3.100mdk.i586.rpm 6e1afd0483efcc74c780dd2a7533263a 10.0/SRPMS/mailman-2.1.4-2.3.100mdk.src.rpm
CS3.0 x86_64
5c8a3cb930e10b38fbd8639ca942f329 x86_64/corporate/3.0/RPMS/mailman-2.1.4-2.3.C30mdk.x86_64.rpm d2642df15ee5a3e0bf965cf23563157c x86_64/corporate/3.0/SRPMS/mailman-2.1.4-2.3.C30mdk.src.rpm
CS3.0 i586
e6df81bf7b44a9a02a9fc44910be76b0 corporate/3.0/RPMS/mailman-2.1.4-2.3.C30mdk.i586.rpm d2642df15ee5a3e0bf965cf23563157c corporate/3.0/SRPMS/mailman-2.1.4-2.3.C30mdk.src.rpm
CS2.1 i586
eb01c4300056aec9ed25b79906ba564a corporate/2.1/RPMS/mailman-2.0.14-1.3.C21mdk.i586.rpm f5bdc329649f114e49d8346406a34957 corporate/2.1/SRPMS/mailman-2.0.14-1.3.C21mdk.src.rpm
10.1 x86_64
d4e2e15b0e16b4cb4db4e31c01ea71a9 x86_64/10.1/RPMS/mailman-2.1.5-7.3.101mdk.x86_64.rpm 8db653937cb2b97d7ab637b1e573c212 x86_64/10.1/SRPMS/mailman-2.1.5-7.3.101mdk.src.rpm