Ubuntu
mailman package

  1. Bug #199338
  2. Comment #13

Comment 13 for bug 199338

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mailman - 1:2.1.9-8ubuntu0.1

---------------
mailman (1:2.1.9-8ubuntu0.1) gutsy-security; urgency=low

  * debian/control:
   + updated maintainer field
  * SECURITY UPDATE:
   + debian/patches/100_CVE-2008-0564.dpatch (LP: #199338)
    - Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow
      remote attackers to inject arbitrary web script or HTML via unspecified vectors related
      to (1) editing templates and (2) the list's "info attribute" in the web administrator interface.
  * References
   + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
   + http://bugs.gentoo.org/show_bug.cgi?id=208710

 -- Emanuele Gentili <email address hidden> Fri, 07 Mar 2008 03:52:46 +0100