Comment 14 for bug 199338

This bug was fixed in the package mailman - 1:2.1.9-4ubuntu1.1

---------------
mailman (1:2.1.9-4ubuntu1.1) feisty-security; urgency=low

  * debian/control:
   + updated maintainer field
  * SECURITY UPDATE:
   + debian/patches/100_CVE-2008-0564.dpatch (LP: #199338)
    - Multiple cross-site scripting (XSS) vulnerabilities in Mailman
      before 2.1.10b1 allow remote attackers to inject arbitrary web
      script or HTML via unspecified vectors related to (1) editing
      templates and (2) the list's "info attribute" in the web
      administrator interface.
  * References
   + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
   + http://bugs.gentoo.org/show_bug.cgi?id=208710

 -- Emanuele Gentili <email address hidden> Fri, 07 Mar 2008 05:38:51 +0100