From d3124395a3abfe0ccd9f1c37096292bfbe939a85 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@msapiro.net>
Date: Fri, 27 Mar 2015 14:12:16 -0700
Subject: Fix for path traversal vulnerability.

---
 NEWS | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index b021f309..94571b4a 100755
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,15 @@ Copyright (C) 1998-2015 by the Free Software Foundation, Inc.
 
 Here is a history of user visible changes to Mailman.
 
-2.1.20 (xx-xxx-xxxx)
+2.1.20 (31-Mar-2015)
+
+  Security
+
+    - A path traversal vulnerability has been discovered and fixed.  This
+      vulnerability is only exploitable by a local user on a Mailman server
+      where the suggested Exim transport, the Postfix postfix_to_mailman.py
+      transport or some other programmatic MTA delivery not using aliases
+      is employed.  CVE-2015-2775  (LP: #1437145)
 
   New Features
 
-- 
cgit v1.2.3