Synopsis: Moderate: mailman security update
Issue date: 2011-03-01
CVE Names: CVE-2010-3089 CVE-2011-0707

Multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of those pages, they could perform a cross-site scripting (XSS) attack against the victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman displayed mailing list information. A mailing list administrator could use this flaw to conduct a cross-site scripting (XSS) attack against victims viewing a list's "listinfo" page. (CVE-2010-3089)

SL 6.x

  SRPMS:
    mailman-2.1.12-14.el6_0.2.src.rpm
  i386:
    mailman-2.1.12-14.el6_0.2.i686.rpm
  x86_64:
    mailman-2.1.12-14.el6_0.2.x86_64.rpm

-Connie Sieh
-Troy Dawson