[BlueOnyx:22093] Re: mailman CVE-2015-2775; https://securitytracker.com/id/1032033
Dirk Estenfeld
dirk.estenfeld at blackpoint.de
Tue May 22 03:28:28 -05 2018
Hello,
Seems to be only a check for the version number.
Thank you for the hint.
Best regards,
Dirk
---
blackpoint GmbH - Friedberger Straße 106b - 61118 Bad Vilbel
-----Original Message-----
From: Blueonyx [mailto:blueonyx-bounces at mail.blueonyx.it] On behalf of Michael Stauber
Sent: Saturday, May 19, 2018 04:26
To: blueonyx at mail.blueonyx.it
Subject: [BlueOnyx:22087] Re: mailman CVE-2015-2775; https://securitytracker.com/id/1032033
Hi Dirk,
Sorry, I'm down hard with the flu and didn't see this earlier.
> We had a security pentest at one 5209R Server.
> Not too many problems. Only one critical vulnerability from the server side
>
> /mailman Use of outdated software critical vulnerability Update software CVE-2015-2775; https://securitytracker.com/id/1032033
>
> @Michael: Are there any plans to update mailman?
That was perhaps a "pentest" that just checked version numbers and not
actual exploitability? Because ...
[root@5209r ~]# rpm -q --changelog mailman|grep CVE|grep 2775
- fix CVE-2015-2775 - directory traversal in MTA transports
... according to the RPM changelog of Mailman this has long since been fixed.
Full entry from the changelog:
* Mi Jun 10 2015 Jan Kaluza <jkaluza at redhat.com> - 3:2.1.15-21
- fix CVE-2015-2775 - directory traversal in MTA transports
--
With best regards
Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
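The changelog check from the quoted message, generalized into a reusable filter, as an added example that is not code from the thread or from BlueOnyx. It reports the version-release of the changelog entry that names a CVE and refuses near-miss ids; `cve_fix_entry` and `sample_changelog` are hypothetical names, and the second sample entry with its placeholder id CVE-0000-27750 is constructed.

```shell
#!/bin/sh
# cve_fix_entry CVE-ID
# stdin:  output of `rpm -q --changelog <pkg>`
# stdout: version-release of every changelog entry that names the CVE
# status: 0 if at least one entry names it, 1 otherwise
# A status of 1 only means "not recorded here"; a fix can also arrive through
# a rebase, so such a finding still needs manual review.
cve_fix_entry() {
    awk -v id="$1" '
        # True only when the id appears whole, so a lookup for
        # CVE-0000-2775 does not match CVE-0000-27750.
        function mentions(line, want,    p, rest) {
            line = toupper(line); want = toupper(want)
            while ((p = index(line, want)) > 0) {
                rest = substr(line, p + length(want))
                if (rest !~ /^[0-9]/) return 1
                line = rest
            }
            return 0
        }
        /^\* / { header = $0; reported = 0; next }     # start of an entry
        header != "" && !reported && mentions($0, id) {
            n = split(header, part, " - ")             # EVR follows the last " - "
            print part[n]; reported = 1; found = 1
        }
        END { exit !found }
    '
}

# Sample input: the first entry is the one quoted in the message above,
# the second is constructed for the near-miss case.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2018 Example Packager <packager@example.invalid> - 3:2.1.15-99
- fix CVE-0000-27750 - constructed placeholder entry
* Mi Jun 10 2015 Jan Kaluza <jkaluza at redhat.com> - 3:2.1.15-21
- fix CVE-2015-2775 - directory traversal in MTA transports
EOF
}

# On a live host: rpm -q --changelog mailman | cve_fix_entry CVE-2015-2775
sample_changelog | cve_fix_entry CVE-2015-2775
```
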