NIXPKGS-2025-0008

published on 19 Sep 2025

Permalink CVE-2025-53882

updated 4 months, 2 weeks ago by @Erethon Activity log

Created automatic suggestion 6 months, 1 week ago
@Erethon accepted 6 months, 1 week ago
@Erethon published on GitHub 4 months, 2 weeks ago

python-mailmans logrotate configuration allows potential escalation from mailman to root

A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSEs mailman3 package allows potential escalation from mailman to rootThis issue affects openSUSE Tumbleweed: from ? before 3.3.10-2.1.

Affected products

mailman3

<3.3.10-2.1

Matching in nixpkgs

pkgs.python311Packages.django-mailman3

Django library for Mailman UIs

nixos-unstable mailman3-1.3.15
- nixpkgs-unstable mailman3-1.3.15
- nixos-unstable-small mailman3-1.3.15

pkgs.python312Packages.django-mailman3

Django library for Mailman UIs

nixos-unstable mailman3-1.3.15
- nixpkgs-unstable mailman3-1.3.15
- nixos-unstable-small mailman3-1.3.15

Package maintainers

@alyssais Alyssa Ross <hi@alyssa.is>

Nixpkgs Security Tracker

Details of issue NIXPKGS-2025-0008

Affected products

Matching in nixpkgs

pkgs.python311Packages.django-mailman3

pkgs.python312Packages.django-mailman3

Package maintainers