MDKSA-2005:015
- Package name
- mailman
- Date
- 2005-01-24
- Advisory ID
- MDKSA-2005:015
- Affected versions
- CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64
Problem description
Florian Weimer discovered a vulnerability in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks. Input is not properly sanitised by "scripts/driver" when returning error pages. This can be exploited to execute arbitrary HTML or script code in a user's browser session in context of a vulnerable site by tricking a user into visiting a malicious web site or follow a specially crafted link. (CAN-2004-1177).
Updated packages
CS2.1 x86_64
0205dc5fd874578803b487dd58baad5e x86_64/corporate/2.1/RPMS/mailman-2.0.14-1.2.C21mdk.x86_64.rpm ceef33d5629e03e18760f8c001956664 x86_64/corporate/2.1/SRPMS/mailman-2.0.14-1.2.C21mdk.src.rpm
10.0 amd64
e8b98f2b51d9f11b87bc0a0391d44099 amd64/10.0/RPMS/mailman-2.1.4-2.2.100mdk.amd64.rpm fec2dfd480fc02b17ccff70dd99b4db7 amd64/10.0/SRPMS/mailman-2.1.4-2.2.100mdk.src.rpm
10.1 i586
8dd23a3f24902dfd6c79bf86607652fb 10.1/RPMS/mailman-2.1.5-7.2.101mdk.i586.rpm 60d219904e0b21f46b6d2867d6f180bb 10.1/SRPMS/mailman-2.1.5-7.2.101mdk.src.rpm
10.0 i586
ae373070860eb1c736fcf66fd2c55d96 10.0/RPMS/mailman-2.1.4-2.2.100mdk.i586.rpm fec2dfd480fc02b17ccff70dd99b4db7 10.0/SRPMS/mailman-2.1.4-2.2.100mdk.src.rpm
CS3.0 i586
6ba4581b2060d821d0d95b780fc80f16 corporate/3.0/RPMS/mailman-2.1.4-2.2.C30mdk.i586.rpm cfaf275a70905bede0d23767dbe1be25 corporate/3.0/SRPMS/mailman-2.1.4-2.2.C30mdk.src.rpm
CS2.1 i586
6dcfa5a401a8e7fc76a539a62374e18f corporate/2.1/RPMS/mailman-2.0.14-1.2.C21mdk.i586.rpm ceef33d5629e03e18760f8c001956664 corporate/2.1/SRPMS/mailman-2.0.14-1.2.C21mdk.src.rpm
10.1 x86_64
0f6eef6e7475e333a44b6dbead106f64 x86_64/10.1/RPMS/mailman-2.1.5-7.2.101mdk.x86_64.rpm 60d219904e0b21f46b6d2867d6f180bb x86_64/10.1/SRPMS/mailman-2.1.5-7.2.101mdk.src.rpm