Fix for path traversal vulnerability.

author: Mark Sapiro <mark@msapiro.net> 2015-03-27 14:12:16 -0700
committer: Mark Sapiro <mark@msapiro.net> 2015-03-27 14:12:16 -0700
commit: d3124395a3abfe0ccd9f1c37096292bfbe939a85 (patch)
tree: b467552f192b40d48b13697a5d0ba1e407136abf /NEWS
parent: f7f85e8b85b027a919705895f80b63c5d03d727c (diff)
download: mailman2-d3124395a3abfe0ccd9f1c37096292bfbe939a85.tar.gz
mailman2-d3124395a3abfe0ccd9f1c37096292bfbe939a85.tar.xz
mailman2-d3124395a3abfe0ccd9f1c37096292bfbe939a85.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index b021f309..94571b4a 100755
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,15 @@ Copyright (C) 1998-2015 by the Free Software Foundation, Inc.
 
 Here is a history of user visible changes to Mailman.
 
-2.1.20 (xx-xxx-xxxx)
+2.1.20 (31-Mar-2015)
+
+  Security
+
+    - A path traversal vulnerability has been discovered and fixed.  This
+      vulnerability is only exploitable by a local user on a Mailman server
+      where the suggested Exim transport, the Postfix postfix_to_mailman.py
+      transport or some other programmatic MTA delivery not using aliases
+      is employed.  CVE-2015-2775  (LP: #1437145)
 
   New Features
author	Mark Sapiro <mark@msapiro.net>	2015-03-27 14:12:16 -0700
committer	Mark Sapiro <mark@msapiro.net>	2015-03-27 14:12:16 -0700
commit	d3124395a3abfe0ccd9f1c37096292bfbe939a85 (patch)
tree	b467552f192b40d48b13697a5d0ba1e407136abf /NEWS
parent	f7f85e8b85b027a919705895f80b63c5d03d727c (diff)
download	mailman2-d3124395a3abfe0ccd9f1c37096292bfbe939a85.tar.gz mailman2-d3124395a3abfe0ccd9f1c37096292bfbe939a85.tar.xz mailman2-d3124395a3abfe0ccd9f1c37096292bfbe939a85.zip