ELA-1286-1 sympa security update

authentication bypass

2025-01-06
Package: sympa
Version: 6.2.40~dfsg-1+deb10u2 (buster)
Related CVEs: CVE-2024-55919


A flaw was found in the web interface of Sympa, a modern mailing list manager. An attacker may bypass authentication by using an arbitrary e-mail address when the generic SSO login feature is enabled.



For Debian 10 buster, these problems have been fixed in version 6.2.40~dfsg-1+deb10u2.

We recommend that you upgrade your sympa packages.
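
A triage check for the condition described above, as an added example that is not part of the advisory: it reports whether a Debian 10 host runs a sympa package older than the fixed version and has generic SSO configured. Assumptions: generic SSO is enabled by an uncommented `generic_sso` paragraph in Sympa's `auth.conf`, the caller supplies the config path, and the function names are illustrative.

```shell
#!/bin/sh
# Added triage example; not part of the advisory.
# Assumption: generic SSO is enabled by an uncommented "generic_sso"
# paragraph header in Sympa's auth.conf. Function names are illustrative.

FIXED_VERSION='6.2.40~dfsg-1+deb10u2'   # fixed buster version from the advisory

# 0 = generic_sso paragraph present, 1 = absent, 2 = file unreadable
generic_sso_enabled() {
    [ -r "$1" ] || return 2
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF files
        /^[ \t]*#/ { next }                       # ignore commented-out lines
        /^[ \t]*generic_sso[ \t]*$/ { found = 1 } # paragraph header on its own line
        END { exit !found }
    ' "$1"
}

# 0 if the given package version sorts before the fixed one (requires dpkg)
version_is_unpatched() {
    dpkg --compare-versions "$1" lt "$FIXED_VERSION"
}

# triage <auth.conf path> <installed sympa version>
triage() {
    if ! version_is_unpatched "$2"; then
        echo "patched"
        return 0
    fi
    rc=0
    generic_sso_enabled "$1" || rc=$?
    case $rc in
        0) echo "exposed" ;;                      # unpatched and generic SSO configured
        1) echo "unpatched-sso-off" ;;            # upgrade anyway; no SSO paragraph found
        *) echo "unpatched-config-unreadable" ;;  # cannot judge exposure, check by hand
    esac
}

# Usage on a Debian 10 host (config path is whatever your install uses):
#   triage /path/to/auth.conf "$(dpkg-query -W -f='${Version}' sympa)"
if [ "$#" -eq 2 ]; then
    triage "$1" "$2"
fi
```

The version comparison is only meaningful for the Debian 10 (buster) package named in this advisory.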

Further information about Extended LTS security advisories can be found in the dedicated section of our website.