Launchpad.net

CVE 2016-6893

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.

Related bugs and status

CVE-2016-6893 (Candidate) is related to these bugs:

Bug #1614841: CSRF protection needs to be extended to the user options page

Summary				In	Importance	Status
	1614841	CSRF protection needs to be extended to the user options page		GNU Mailman	Medium	Fix Released

Bug #1632244: CVE-2016-6893 in Mailman

		In	Importance	Status
1632244	CVE-2016-6893 in Mailman	mailman (Ubuntu)	Medium	Fix Released
1632244	CVE-2016-6893 in Mailman	mailman (Ubuntu Precise)	Medium	Fix Released
1632244	CVE-2016-6893 in Mailman	mailman (Ubuntu Yakkety)	Medium	Fix Released
1632244	CVE-2016-6893 in Mailman	mailman (Ubuntu Trusty)	Medium	Fix Released
1632244	CVE-2016-6893 in Mailman	mailman (Ubuntu Xenial)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.launchpad...
BID: 92731
DEBIAN: DSA-3668
SECTRACK: 1036728