Source: sympa
Version: 6.2.40~dfsg-7
Severity: important
Tags: security upstream
Forwarded: https://github.com/sympa-community/sympa/issues/1009
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for sympa, but this is mainly
for having a tracking bug in Debian.

CVE-2020-26880[0]:
| Sympa through 6.2.57b.2 allows a local privilege escalation from the
| sympa user account to full root access by modifying the sympa.conf
| configuration file (which is owned by sympa) and parsing it through
| the setuid sympa_newaliases-wrapper executable.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-26880
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26880
[1] https://github.com/sympa-community/sympa/issues/1009

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
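
The condition the CVE text describes (a setuid-root executable parsing a configuration file that a non-root account owns) can be audited from file metadata alone. The check below is an added example, not part of the original report or of Sympa's code; the function names and the sample stat values are constructed, and the real paths to the wrapper and to sympa.conf are left for the operator to supply.

```python
import os
import stat
import sys
from types import SimpleNamespace


def setuid_root(st):
    """True if the stat result describes a root-owned setuid file."""
    return st.st_uid == 0 and bool(st.st_mode & stat.S_ISUID)


def writable_by_non_root(st):
    """True if an account other than root can modify the file."""
    if st.st_uid != 0 and st.st_mode & stat.S_IWUSR:
        return True
    # Group or world write also lets non-root accounts edit the file.
    # A root-only group is possible, so treat this as a finding to review.
    return bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def assess(wrapper_st, config_st):
    """Return findings for one (setuid wrapper, config file) pair.

    Only the two files themselves are examined; writable parent
    directories are out of scope for this check.
    """
    findings = []
    if setuid_root(wrapper_st) and writable_by_non_root(config_st):
        findings.append(
            "setuid-root executable reads a config writable by uid %d (mode %o)"
            % (config_st.st_uid, stat.S_IMODE(config_st.st_mode))
        )
    return findings


def assess_paths(wrapper_path, config_path):
    """Same check on real files; both paths are supplied by the caller."""
    return assess(os.stat(wrapper_path), os.stat(config_path))


# Constructed sample metadata (not taken from a real system):
SAMPLE_WRAPPER = SimpleNamespace(st_uid=0, st_mode=0o104750)     # root, setuid
SAMPLE_CONF_SYMPA = SimpleNamespace(st_uid=105, st_mode=0o100640)  # service-owned
SAMPLE_CONF_ROOT = SimpleNamespace(st_uid=0, st_mode=0o100644)   # root-owned

if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(assess_paths(sys.argv[1], sys.argv[2]))
    else:
        print(assess(SAMPLE_WRAPPER, SAMPLE_CONF_SYMPA))
```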