Several vulnerabilities were discovered in Sympa, a mailing list
manager, which could result in local privilege escalation, denial of
service or unauthorized access via the SOAP API.
Additionally to mitigate CVE-2020-26880 the sympa_newaliases-wrapper is
no longer installed setuid root by default. A new Debconf question is introduced to allow setuid installations in setups where it is needed.
For the stable distribution (buster), these problems have been fixed in
We recommend that you upgrade your sympa packages.