[SECURITY] [DLA 1272-1] mailman security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1272-1] mailman security update
From: Abhijith PA <abhijith@disroot.org>
Date: Fri, 9 Feb 2018 08:02:55 +0530
Message-id: <[🔎] 3ccef177-aa74-1e4f-b8b8-d5eafe0919a6@disroot.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : mailman
Version        : 1:2.1.15-1+deb7u3
CVE ID         : CVE-2018-5950
Debian Bug     : 888201


The mailman package has a Cross-site scripting (XSS) vulnerability in
the web UI before 2.1.26 which allows remote attackers to inject
arbitrary web script or HTML via a user-options URL

For Debian 7 "Wheezy", these problems have been fixed in version
1:2.1.15-1+deb7u3

We recommend that you upgrade your mailman packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlp9CEwACgkQhj1N8u2c
KO8PuQ//bDi8m4cr91CEMD7VZh3EaKl39e8UWTUKK62dxzNlQdfvIIv0zvRncl1m
5ANk3aJa0Oa30nvFpgoeCrNoqaiuIVyxylSk24skjBPIBPwVg8+W14Mp7DgcLXEA
cuT841CBZgerOXLpPGYSK10m072mBRDALUi+eA/EEps9mjb4+8yssDOz1huUyOJW
tqWEzjAIxCP6i8bQkkmw1TKbc3WEGmrFzeq79zjjOEPzVztTE5J3bisUvnIsOf/e
SY4IrgNrmh8MQ/aeu3S8owG5mYnztmrrqZ5SjPU33dG5btul6ZKNBA3RhfG6okI5
TTrI5Odk+KXD51uqwGhAPylQ11Nur7HZnazsxesLIrz18HIFyJREqr30M+vj8Bkc
XHSRaptA1slfX9WFapnUisrWjy29vLD5YpaxMM2kD454G2xlIj5W9rhqHzdXgxPE
Qeb25iAHYu+zp/4UIywCqQZaBWewM9FW9SiIac73BxL4mLwopmQoXz5AmAPPB8sk
AODJr+0/se/7XreAPrDhWMrv9Oql5v3cR4fM4C4Sx4OzZqBcmpohyYWcpeC+0kkV
ovlW2ciia5+o6FoCaKKxdCwsqFwG1ZF1ZHuK9XjkGWp4c7mwQOipgBBUIWX18Euu
cgB/LWVu9w9TPfkjHd7FqRNVn11RukDhGD05sF86ZEsyrltoNx4=
=479P
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA-1271-1] postgresql-9.1 security update
Next by Date: [SECURITY] [DLA 1273-1] simplesamlphp security update
Previous by thread: [SECURITY] [DLA-1271-1] postgresql-9.1 security update
Next by thread: [SECURITY] [DLA 1273-1] simplesamlphp security update
Index(es):
- Date
- Thread