[SECURITY] [DLA 608-1] mailman security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 608-1] mailman security update
From: Chris Lamb <lamby@debian.org>
Date: Fri, 02 Sep 2016 10:01:58 +0100
Message-id: <[🔎] 1472806918.503155.713630737.034C2B97@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : mailman
Version        : 1:2.1.15-1+deb7u2
CVE ID         : CVE-2016-6893
Debian Bug     : 835970

It was discovered that there was a CSRF vulnerability in mailman, a
web-based mailing list manager, which could allow an attacker to obtain
a user's password.

For Debian 7 "Wheezy", this issue has been fixed in mailman version
1:2.1.15-1+deb7u2.

We recommend that you upgrade your mailman packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJXyUAAAAoJEB6VPifUMR5YjZUQAKkWf8T8HVfHHkL/8YN+U3DM
8SdzociCB0KrkqPXi4yxpHv1RsCragJYtzwVJNwBsKc5gbHEbj/2xjxx00qmhyK6
RxJuhBpXL88tM3o/HCJ220NyGYsGFhOFQI+U55gfpDuHKcobYU0pd5PLXDLDMV4Z
D9tYLSXg8z737K9NQsXjv2d1qsthOdXH2TsB6L+32eD1LeE4dm2X7kMahbMlLmPw
8gwXwJJJ6n7i/Rb8gWjFvciYI1bq8+DZo5V8WFiX/Wgpe4LKU94crrZLQeX3sGhp
EjWU+BvhbZ0Fu1Hb5BnZdgkmIJgVmOWW7+Y558GLgjXFwPn1GCWDfEBpgyEO0xAt
FN4Z/afc9K5C/hSgjodHYMXIyNqhsRoPU7uygfLzWh2yZYq96XbYDrzLwVvXtLSZ
0+H7P7l9CTr6l1SepRhL9eauo5g0qGgC6uS6gXFkMRbcrj9zJLNHg4tpBYs8eX0x
pAf9KCN6UHsbfprcZSGk3pIJPlOhnV6alNojaYDmd74bHtZkZ+B4CWekpOGmUMRx
tLmRGU+lpK5+V9t1kYKwW/KqRscf10wMpYmLhsgDv3V67j2/cKL215a/A/3m2woR
+wYhQ4ujMaoOjGJk9dIcP1ifGOQi3JD3wKx0Hx6YfmfpQJnz9FYv+4YeiM9r9bj3
8u/PVe0KgeVEygtkP4rT
=IO8Z
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 560-2] cacti regression update
Next by Date: [SECURITY] [DLA 609-1] linux security update
Previous by thread: [SECURITY] [DLA 560-2] cacti regression update
Next by thread: [SECURITY] [DLA 609-1] linux security update
Index(es):
- Date
- Thread