[BlueOnyx:22087] Re: mailman CVE-2015-2775; https://securitytracker.com/id/1032033
Michael Stauber
mstauber at blueonyx.it
Fri May 18 21:26:27 -05 2018
Hi Dirk,
Sorry, I'm down hard with the flu and didn't see this earlier.
> We had a security pentest at one 5209R Server.
> Not too many problems. Only one critical vulnerability from server side
>
> /mailman Use of outdated software critical vulnerability Update software CVE-2015-2775; https://securitytracker.com/id/1032033
>
> @Michael: Are there any plans to update mailman?
That was perhaps a "pentest" that just checked version numbers and not
actual exploitability? Because ...
[root@5209r ~]# rpm -q --changelog mailman|grep CVE|grep 2775
- fix CVE-2015-2775 - directory traversal in MTA transports
... according to the RPM changelog of Mailman this has long since been fixed.
Full entry from the changelog:
* Mi Jun 10 2015 Jan Kaluza <jkaluza at redhat.com> - 3:2.1.15-21
- fix CVE-2015-2775 - directory traversal in MTA transports
--
With best regards
Michael Stauber
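
Added example (not part of the original message and not BlueOnyx or Red Hat tooling): a small script that does the changelog check from the reply for a list of scanner-reported CVE ids and matches each id exactly, so that an id such as CVE-2015-27750 would not count as a hit for CVE-2015-2775. The function names and the second changelog entry are constructed for the demo.

```shell
#!/bin/sh
# Added example: look up scanner-reported CVE ids in an RPM changelog.

# Constructed sample input. The first entry is the one quoted in the message;
# the second entry is invented here to exercise the exact-id match.
sample_changelog() {
cat <<'EOF'
* Mi Jun 10 2015 Jan Kaluza <jkaluza at redhat.com> - 3:2.1.15-21
- fix CVE-2015-2775 - directory traversal in MTA transports

* Wed Jan 01 2014 Example Packager <packager at example.invalid> - 3:2.1.15-1
- constructed entry mentioning CVE-2099-27750 only
EOF
}

# cve_fix_entry CVE-ID  (changelog text on stdin)
# Prints the "* date packager - version" header of the first entry that
# names exactly this id. Returns 0 if found, 1 if not, 2 on a malformed id.
cve_fix_entry() {
    printf '%s\n' "$1" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$' || return 2
    awk -v cve="$1" '
        BEGIN { pat = "[^0-9A-Za-z-]" cve "[^0-9]" }
        /^\* / { header = $0; next }
        (" " $0 " ") ~ pat { print header; found = 1; exit }
        END { exit(found ? 0 : 1) }
    '
}

# triage CHANGELOG_TEXT CVE-ID...
triage() {
    text=$1; shift
    for cve in "$@"; do
        if entry=$(printf '%s\n' "$text" | cve_fix_entry "$cve"); then
            printf '%s\tfix listed in: %s\n' "$cve" "$entry"
        else
            printf '%s\tno changelog entry, check the build manually\n' "$cve"
        fi
    done
}

# On a real host: triage "$(rpm -q --changelog mailman)" CVE-2015-2775
triage "$(sample_changelog)" CVE-2015-2775 CVE-2099-2775
```

A missing changelog line only means the packager did not record the id there; it is not by itself evidence that the installed build is vulnerable.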