Synopsis:	Moderate: mailman security update
Issue date:	2011-03-01
CVE Names:	CVE-2008-0564 CVE-2010-3089 CVE-2011-0707

Multiple input sanitization flaws were found in the way Mailman 
displayed usernames of subscribed users on certain pages. If a user who 
is subscribed to a mailing list were able to trick a victim into 
visiting one of those pages, they could perform a cross-site scripting 
(XSS) attack against the victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman 
displayed mailing list information. A mailing list administrator could 
use this flaw to conduct a cross-site scripting (XSS) attack against 
victims viewing a list's "listinfo" page. (CVE-2008-0564, CVE-2010-3089)


SL 4.x

      SRPMS:
mailman-2.1.5.1-34.rhel4.7.src.rpm
      i386:
mailman-2.1.5.1-34.rhel4.7.i386.rpm
      x86_64:
mailman-2.1.5.1-34.rhel4.7.x86_64.rpm

SL 5.x

      SRPMS:
mailman-2.1.9-6.el5_6.1.src.rpm
      i386:
mailman-2.1.9-6.el5_6.1.i386.rpm
      x86_64:
mailman-2.1.9-6.el5_6.1.x86_64.rpm

-Connie Sieh
-Troy Dawson