Synopsis:          Moderate: mailman security and bug fix update
Advisory ID:       SLSA-2020:1054-1
Issue Date:        2020-04-07
CVE Numbers:       CVE-2018-0618
                   CVE-2018-13796
--

* mailman: Cross-site scripting vulnerability allows malicious listowners
    to inject scripts into listinfo pages
    
* mailman: Mishandled URLs in Utils.py:GetPathPieces() allows attackers to
    display arbitrary text on trusted sites
--

SL7
  x86_64
    mailman-2.1.15-30.el7.x86_64.rpm
    mailman-debuginfo-2.1.15-30.el7.x86_64.rpm

- Scientific Linux Development Team