FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mailman -- path traversal vulnerability

Affected packages
mailman < 2.1.20
mailman-with-htdig < 2.1.20
ja-mailman < 2.1.14.j7_2,1


VuXML ID a5f160fa-deee-11e4-99f8-080027ef73ec
Discovery 2015-03-27
Entry 2015-04-09
Modified 2015-06-17

Mark Sapiro reports:

A path traversal vulnerability has been discovered and fixed. This vulnerability is only exploitable by a local user on a Mailman server where the suggested Exim transport, the Postfix transport or some other programmatic MTA delivery not using aliases is employed.


CVE Name CVE-2015-2775