NIXPKGS-2025-0008
published on
CVE-2025-53882
9.1 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): NONE
by @Erethon
Activity log
- Created automatic suggestion
- @Erethon accepted
- @Erethon published on GitHub
python-mailman's logrotate configuration allows potential escalation from mailman to root
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSE's mailman3 package allows potential escalation from mailman to root. This issue affects openSUSE Tumbleweed: from ? before 3.3.10-2.1.
Affected products
mailman3
- <3.3.10-2.1
Matching in nixpkgs
pkgs.python311Packages.django-mailman3
Django library for Mailman UIs
- nixos-unstable mailman3-1.3.15
- nixpkgs-unstable mailman3-1.3.15
- nixos-unstable-small mailman3-1.3.15
pkgs.python312Packages.django-mailman3
Django library for Mailman UIs
- nixos-unstable mailman3-1.3.15
- nixpkgs-unstable mailman3-1.3.15
- nixos-unstable-small mailman3-1.3.15
Package maintainers
- @alyssais Alyssa Ross <hi@alyssa.is>