Synopsis: Moderate: mailman security update
Issue date: 2011-03-01
CVE Names: CVE-2008-0564 CVE-2010-3089 CVE-2011-0707
Multiple input sanitization flaws were found in the way Mailman
displayed usernames of subscribed users on certain pages. If a user who
is subscribed to a mailing list were able to trick a victim into
visiting one of those pages, they could perform a cross-site scripting
(XSS) attack against the victim. (CVE-2011-0707)
Multiple input sanitization flaws were found in the way Mailman
displayed mailing list information. A mailing list administrator could
use this flaw to conduct a cross-site scripting (XSS) attack against
victims viewing a list's "listinfo" page. (CVE-2008-0564, CVE-2010-3089)
SL 4.x
SRPMS:
mailman-2.1.5.1-34.rhel4.7.src.rpm
i386:
mailman-2.1.5.1-34.rhel4.7.i386.rpm
x86_64:
mailman-2.1.5.1-34.rhel4.7.x86_64.rpm
SL 5.x
SRPMS:
mailman-2.1.9-6.el5_6.1.src.rpm
i386:
mailman-2.1.9-6.el5_6.1.i386.rpm
x86_64:
mailman-2.1.9-6.el5_6.1.x86_64.rpm
-Connie Sieh
-Troy Dawson