DescriptionDirectory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- SUSE-SA:2005:007, published Monday, Feb 14th 2005 10:30 MET