Format: 1.8
Date: Tue, 24 Jul 2018 21:14:39 +0200
Source: sympa
Binary: sympa
Architecture: source amd64
Version: 6.1.23~dfsg-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Sympa team <pkg-sympa-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 sympa - Modern mailing list manager
Changes:
 sympa (6.1.23~dfsg-2+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-1000550:
     A vulnerability has been discovered in Sympa web interface that allows
     write access to files on the server filesystem. This flaw allows to
     create or modify any file writable by the Sympa user, located on the
     server filesystem, using the function of Sympa web interface template
     file saving.
Checksums-Sha1:
 81ba824111f4087db528ea64d71988433c874025 2695 sympa_6.1.23~dfsg-2+deb8u2.dsc
 a84df267a1e5ad77f60f8fe2f5fc4893ab0dbc07 2273692 sympa_6.1.23~dfsg.orig.tar.xz
 e361c629af369b3263e207e05fb61d2261a1a746 91128 sympa_6.1.23~dfsg-2+deb8u2.debian.tar.xz
 99deea78d61e1cd3b52cb3b0f573512189f87dd9 2258540 sympa_6.1.23~dfsg-2+deb8u2_amd64.deb
Checksums-Sha256:
 f6972b45eb285a2a56de89a9079cc22d548a16a2eff0056f19ad42fd6f19645a 2695 sympa_6.1.23~dfsg-2+deb8u2.dsc
 7d437339f63f60049335e16856c5ee8bbc6f8b9ef23fd18aef1a13f4ab8d6fa5 2273692 sympa_6.1.23~dfsg.orig.tar.xz
 96815b0f8143b5c930a8e86f5f871bd7b5787b60cef00020a5978411328fdf6b 91128 sympa_6.1.23~dfsg-2+deb8u2.debian.tar.xz
 55997ea0ee2803a07fb854ef6be3a7f1284cb272b9a63c0881f7c3a8834ca28c 2258540 sympa_6.1.23~dfsg-2+deb8u2_amd64.deb
Files:
 6a4f2d6cf8001014ff864d898f24a362 2695 mail optional sympa_6.1.23~dfsg-2+deb8u2.dsc
 f3e432cc2b08383a7c1d11c0bae3f25a 2273692 mail optional sympa_6.1.23~dfsg.orig.tar.xz
 5af6c000949cdfd3edff8569228106a3 91128 mail optional sympa_6.1.23~dfsg-2+deb8u2.debian.tar.xz
 44ecebafbe2b989c12feb52da21dadc9 2258540 mail optional sympa_6.1.23~dfsg-2+deb8u2_amd64.deb