mlmmj -- insufficient input sanitising

2010-07-20T00:00:00
ID DSA-2073
Type debian
Reporter Debian
Modified 2010-07-20T00:00:00

Description

Florian Streibelt reported a directory traversal flaw in the way the Mailing List Managing Made Joyful mailing list manager processed users' requests originating from the administrator web interface without enough input validation. A remote, authenticated attacker could use these flaws to write and/or delete arbitrary files.

For the stable distribution (lenny), these problems have been fixed in version 1.2.15-1.1+lenny1.

For the unstable distribution (sid), these problems have been fixed in version 1.2.17-1.1.

We recommend that you upgrade your mlmmj package.