Synopsis:	Moderate: mailman security update
Issue date:	2011-03-01
CVE Names:	CVE-2010-3089 CVE-2011-0707

Multiple input sanitization flaws were found in the way Mailman 
displayed usernames of subscribed users on certain pages. If a user who 
is subscribed to a mailing list were able to trick a victim into 
visiting one of those pages, they could perform a cross-site scripting 
(XSS) attack against the victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman 
displayed mailing list information. A mailing list administrator could 
use this flaw to conduct a cross-site scripting (XSS) attack against 
victims viewing a list's "listinfo" page. (CVE-2010-3089)

SL 6.x

      SRPMS:
mailman-2.1.12-14.el6_0.2.src.rpm
      i386:
mailman-2.1.12-14.el6_0.2.i686.rpm
      x86_64:
mailman-2.1.12-14.el6_0.2.x86_64.rpm

-Connie Sieh
-Troy Dawson