[CVE-2008-0564] Multiple cross-site scripting (XSS) vulnerabilities in Mailman
Bug #199338 reported by
Emanuele Gentili
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mailman (Gentoo Linux) |
Fix Released
|
Low
|
|||
mailman (Ubuntu) |
Fix Released
|
Low
|
Emanuele Gentili | ||
Dapper |
Fix Released
|
Low
|
Emanuele Gentili | ||
Edgy |
Fix Released
|
Low
|
Emanuele Gentili | ||
Feisty |
Fix Released
|
Low
|
Emanuele Gentili | ||
Gutsy |
Fix Released
|
Low
|
Emanuele Gentili |
Bug Description
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.
[1] http://
[2] http://
Changed in mailman: | |
status: | Unknown → Fix Released |
Changed in mailman: | |
status: | Fix Committed → Fix Released |
status: | Fix Committed → Fix Released |
Changed in mailman (Gentoo Linux): | |
importance: | Unknown → Low |
To post a comment you must log in.
This bug was fixed in the package mailman - 1:2.1.9-9ubuntu1
---------------
mailman (1:2.1.9-9ubuntu1) hardy; urgency=low
* debian/control: patches/ 100_CVE- 2008-0564. dpatch (LP: #199338) cve.mitre. org/cgi- bin/cvename. cgi?name= CVE-2008- 0564 bugs.gentoo. org/show_ bug.cgi? id=208710
+ updated maintainer field
* SECURITY UPDATE:
+ debian/
- Multiple cross-site scripting (XSS) vulnerabilities in Mailman
before 2.1.10b1 allow remote attackers to inject arbitrary web
script or HTML via unspecified vectors related to (1) editing
templates and (2) the list's "info attribute" in the web
administrator interface.
* References
+ http://
+ http://
-- Emanuele Gentili <email address hidden> Fri, 07 Mar 2008 02:55:22 +0100