Hi, and thanks for reporting this problem to the Debian tracking system. Upgrading the package to 6.0.7 will also fix the problem.
Cheers, David Le 14/05/12 11:15, George Kargiotakis a écrit :
Package: sympa Version: 6.0.1+dfsg-4 Severity: grave Sympa versions<6.1.11 have a severe security issue where any user can download or delete the archives of a mailing list if they know the name of the list. Debian has been tracking it at http://security-tracker.debian.org/tracker/CVE-2012-2352 I'm attaching a patch (taken from upstream commit: https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa&pathrev=7358 ) that fixes the problem -- System Information: Debian Release: 6.0.4 APT prefers stable APT policy: (800, 'stable'), (650, 'testing'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
-- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
