Bug 6164 - mailman possible security issue CVE-2002-0389
Summary: mailman possible security issue CVE-2002-0389
Status: RESOLVED INVALID
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 1
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL: http://lwn.net/Vulnerabilities/499162/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-05-29 23:23 CEST by David Walser
Modified: 2012-06-14 21:36 CEST (History)
0 users

See Also:
Source RPM: mailman-2.1.13-6.mga1.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2012-05-29 23:23:38 CEST 
SuSE has issued an advisory today (May 29):
http://lists.opensuse.org/opensuse-updates/2012-05/msg00043.html

Existence of this issue seems to be dependent on how it was packaged.

I don't know if this affects us.

More info is here:
https://bugzilla.redhat.com/show_bug.cgi?id=723584
Comment 1 David Walser 2012-06-14 21:36:51 CEST 
According to these lines in the SPEC, I don't believe we're affected:
# fix permissions mess
chmod -R go=u-ws %{buildroot}%{_libdir}/%{name}
chmod 750 %{buildroot}%{_var}/lib/%{name}/archives/private
...
%attr(-,%{uid},apache) %{_var}/lib/%{name}/archives/private

Resolution: (none) => INVALID
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.