mailman: directory traversal in MTA transports that deliver programmatically
It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman...