sympa - Debian Package Tracker

general

source: sympa (main)
version: 6.2.74~dfsg-1
maintainer: Debian Sympa team (DMD)
uploaders: Stefan Hornburg (Racke) [DMD] – Emmanuel Bouthenot [DMD]
arch: any
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 6.2.40~dfsg-1+deb10u1
o-o-sec: 6.2.40~dfsg-1+deb10u1
oldstable: 6.2.60~dfsg-4
old-bpo: 6.2.70~dfsg-1~bpo11+1
stable: 6.2.70~dfsg-2
testing: 6.2.72~dfsg-1
unstable: 6.2.74~dfsg-1

versioned links

6.2.40~dfsg-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.2.60~dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.2.70~dfsg-1~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.2.70~dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.2.72~dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.2.74~dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

sympa (27 bugs: 0, 16, 11, 0)

action needed

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2020-26880: Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
CVE-2024-55919:

Created: 2023-06-11 Last update: 2025-01-18 00:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2020-26880: Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.

Created: 2022-07-04 Last update: 2025-01-18 00:30

3 security issues in bullseye high

There are 3 open security issues in bullseye.

1 important issue:

CVE-2024-55919:

2 issues postponed or untriaged:

CVE-2020-26880: (postponed; to be fixed through a stable update) Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
CVE-2021-46900: (needs triaging) Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.

Created: 2024-12-16 Last update: 2025-01-18 00:30

2 security issues in bookworm high

There are 2 open security issues in bookworm.

1 important issue:

CVE-2024-55919:

1 issue left for the package maintainer to handle:

CVE-2020-26880: (postponed; to be fixed through a stable update) Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-06-10 Last update: 2025-01-18 00:30

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-01-20 13:32

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-01-18 Last update: 2025-01-18 04:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.0 instead of 4.6.2).

Created: 2024-04-07 Last update: 2025-01-17 23:01

testing migrations

excuses:
- Migration status for sympa (6.2.72~dfsg-1 to 6.2.74~dfsg-1): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Too young, only 2 of 5 days old
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/s/sympa.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Reproducible on armhf - info ♻
- ∙ ∙ Waiting for reproducibility test results on i386 - info ♻
- Not considered

news

[rss feed]

[2025-01-17] Accepted sympa 6.2.74~dfsg-1 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2024-07-20] sympa 6.2.72~dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-07-15] Accepted sympa 6.2.72~dfsg-1 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2023-02-01] sympa 6.2.70~dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-01-26] Accepted sympa 6.2.70~dfsg-2 (source) into unstable (Emmanuel Bouthenot)
[2022-12-08] Accepted sympa 6.2.70~dfsg-1~bpo11+1 (source amd64) into bullseye-backports (Debian FTP Masters) (signed by: Emmanuel Bouthenot)
[2022-11-21] sympa 6.2.70~dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-11-15] Accepted sympa 6.2.70~dfsg-1 (source) into unstable (Emmanuel Bouthenot)
[2022-11-15] sympa 6.2.68~dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-11-09] Accepted sympa 6.2.68~dfsg-1 (source) into unstable (Emmanuel Bouthenot)
[2021-12-17] sympa 6.2.66~dfsg-2 MIGRATED to testing (Debian testing watch)
[2021-12-11] Accepted sympa 6.2.66~dfsg-2 (source amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2021-12-07] Accepted sympa 6.2.66~dfsg-1 (source amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2021-02-18] sympa 6.2.60~dfsg-4 MIGRATED to testing (Debian testing watch)
[2021-02-07] Accepted sympa 6.2.60~dfsg-4 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2021-02-03] sympa 6.2.60~dfsg-3 MIGRATED to testing (Debian testing watch)
[2021-01-31] Accepted sympa 6.2.60~dfsg-3 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2021-01-25] sympa 6.2.60~dfsg-2 MIGRATED to testing (Debian testing watch)
[2021-01-20] Accepted sympa 6.2.60~dfsg-2 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2021-01-10] sympa 6.2.60~dfsg-1 MIGRATED to testing (Debian testing watch)
[2021-01-05] Accepted sympa 6.2.60~dfsg-1 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2021-01-05] sympa 6.2.58~dfsg-6 MIGRATED to testing (Debian testing watch)
[2020-12-30] Accepted sympa 6.2.58~dfsg-6 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2020-12-30] Accepted sympa 6.2.58~dfsg-5 (source) into experimental (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2020-12-29] Accepted sympa 6.2.58~dfsg-4 (source) into experimental (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2020-12-28] Accepted sympa 6.2.40~dfsg-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sylvain Beucler)
[2020-12-23] Accepted sympa 6.2.40~dfsg-1+deb10u1 (source) into stable->embargoed, stable (Debian FTP Masters) (signed by: Sylvain Beucler)
[2020-12-17] Accepted sympa 6.2.16~dfsg-3+deb9u5 (source) into oldstable (Sylvain Beucler)
[2020-12-13] Accepted sympa 6.2.58~dfsg-3 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2020-11-28] Accepted sympa 6.2.58~dfsg-2 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)

bugs [bug history graph]

all: 28
RC: 0
I&N: 17
M&W: 11
F&P: 0
patch: 1

links

homepage
lintian (0, 2)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (90, 40)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 6.2.74~dfsg-1
31 bugs (2 patches)