
Sven Hartge

#21491 of 53,638
11.3 CVSS total
Vulnerabilities · 2
Medium · 2
PT-2014-2455
6.3
2014-05-05
Pktstat · Pktstat · CVE-2013-0350
**Name of the Vulnerable Software and Affected Versions** pktstat version 1.8.5

**Description** The issue allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. This is due to a problem in tmp_smtp.c.

**Recommendations** For pktstat version 1.8.5, consider restricting access to /tmp/smtp.log to prevent a symlink attack until a patch is available.
PT-2006-1140
5.0
2006-03-31
Python · Email · CVE-2006-0052
Name of the Vulnerable Software and Affected Versions: Mailman versions 2.1.5 and earlier

Description: The issue allows remote attackers to cause a denial of service, specifically mailing list delivery failure, by sending a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. This is related to the attachment scrubber (Scrubber.py) when using Python's library email module 2.5.

Recommendations: For Mailman versions 2.1.5 and earlier, consider updating to a newer version to resolve the issue. As a temporary workaround, restrict the handling of multipart MIME messages with unusual boundary formats to minimize the risk of exploitation.