SynopsisThe remote Debian host is missing a security-related update.
DescriptionFlorian Streibelt reported a directory traversal flaw in the way the Mailing List Managing Made Joyful mailing list manager processed users' requests originating from the administrator web interface without enough input validation. A remote, authenticated attacker could use these flaws to write and/or delete arbitrary files.
SolutionUpgrade the mlmmj package.
For the stable distribution (lenny), these problems have been fixed in version 1.2.15-1.1+lenny1.