Information on source package sympa

Available versions

| Release | Version |
|---|---|
| jessie | 6.1.23~dfsg-2+deb8u3 |
| stretch | 6.2.16~dfsg-3+deb9u5 |
| buster | 6.2.40~dfsg-1+deb10u1 |
| bullseye | 6.2.60~dfsg-4 |
| bookworm | 6.2.70~dfsg-2 |
| trixie | 6.2.72~dfsg-1 |
| sid | 6.2.72~dfsg-1 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-55919 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Improper input validation on generic SSO login |
| CVE-2021-46900 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | Sympa before 6.2.62 relies on a cookie parameter for certain security ... |
| CVE-2020-29668 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API ... |
| CVE-2020-26932 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg- ... |
| CVE-2020-26880 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | Sympa through 6.2.57b.2 allows a local privilege escalation from the s ... |
| CVE-2020-10936 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Sympa before 6.2.56 allows privilege escalation. |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2020-9369 | Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial ... |
| CVE-2018-1000671 | sympa version 6.2.16 and later contains a CWE-601: URL Redirection to ... |
| CVE-2018-1000550 | The Sympa Community Sympa version prior to version 6.2.32 contains a D ... |
| CVE-2015-1306 | The newsletter posting area in the web interface in Sympa 6.0.x before ... |
| CVE-2012-2352 | The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in ... |
| CVE-2008-4476 | sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary file ... |
| CVE-2008-1648 | Sympa before 5.4 allows remote attackers to cause a denial of service ... |
| CVE-2005-0073 | Buffer overflow in queue.c in a support script for sympa 3.3.3, when r ... |
| CVE-2004-1735 | Cross-site scripting (XSS) vulnerability in the create list option in ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DSA-4818-1 | sympa - security update |
| DLA-2499-1 | sympa - security update |
| DLA-2441-1 | sympa - security update |
| DLA-2401-1 | sympa - security update |
| DLA-1512-1 | sympa - security update |
| DSA-4285-1 | sympa - security update |
| DLA-1441-1 | sympa - security update |
| DLA-148-1 | sympa - security update |
| DSA-3134-1 | sympa - security update |
| DSA-2477-1 | sympa - authorization bypass |
| DSA-1600-1 | sympa - denial of service |
| DSA-677-1 | sympa - buffer overflow |
