Package name: mailman
Date: 2005-01-24
Advisory ID: MDKSA-2005:015
Affected versions: CS2.1 x86_64, 10.0 amd64, 10.1 i586, 10.0 i586, CS3.0 i586, CS2.1 i586, 10.1 x86_64

Problem description

Florian Weimer discovered a vulnerability in Mailman that malicious people can exploit to conduct cross-site scripting attacks. Input is not properly sanitised by "scripts/driver" when returning error pages. This can be exploited to execute arbitrary HTML or script code in a user's browser session in the context of a vulnerable site by tricking the user into visiting a malicious web site or following a specially crafted link (CAN-2004-1177).
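
The bug class described above, shown as an added example that is not code from Mailman or from this advisory: a hypothetical error-page renderer that echoes request data verbatim, beside a hardened form that escapes it at output time, with a regression check. All function names, the page template and the sample request values are assumptions constructed for illustration.

```python
import html

# Hypothetical error-page renderers illustrating the bug class; this is
# not the code of Mailman's scripts/driver.
PAGE = (
    "<html><body><h1>Error</h1>\n"
    "<p>The request for <tt>{path}</tt> failed: {detail}</p>\n"
    "<table>{rows}</table></body></html>\n"
)


def _esc(value):
    """Escape &, <, >, and both quote characters for HTML output."""
    return html.escape(str(value), quote=True)


def render_error_unsafe(path, detail, environ):
    """'Before' form: request-derived values are interpolated verbatim."""
    rows = "".join(
        f"<tr><td>{k}</td><td>{v}</td></tr>" for k, v in sorted(environ.items())
    )
    return PAGE.format(path=path, detail=detail, rows=rows)


def render_error_safe(path, detail, environ):
    """Hardened form: every untrusted value is escaped at output time."""
    rows = "".join(
        f"<tr><td>{_esc(k)}</td><td>{_esc(v)}</td></tr>"
        for k, v in sorted(environ.items())
    )
    return PAGE.format(path=_esc(path), detail=_esc(detail), rows=rows)


def reflects_markup(page, untrusted_values):
    """True if a value carrying HTML metacharacters appears unescaped."""
    meta = set("<>\"'&")
    return any(v in page for v in untrusted_values if meta & set(v))


# Constructed sample request data (not taken from the advisory).
SAMPLE_PATH = "/mailman/listinfo/<i>injected</i>"
SAMPLE_ENV = {"PATH_INFO": SAMPLE_PATH, "HTTP_USER_AGENT": 'x"><i>injected</i>'}

if __name__ == "__main__":
    values = [SAMPLE_PATH, *SAMPLE_ENV.values()]
    for render in (render_error_unsafe, render_error_safe):
        page = render(SAMPLE_PATH, "no such list", SAMPLE_ENV)
        print(render.__name__, "reflects markup:", reflects_markup(page, values))
```

The same `reflects_markup` check can be kept as a regression test against any page that echoes request data.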

Updated packages

CS2.1 x86_64

0205dc5fd874578803b487dd58baad5e  x86_64/corporate/2.1/RPMS/mailman-2.0.14-1.2.C21mdk.x86_64.rpm
ceef33d5629e03e18760f8c001956664  x86_64/corporate/2.1/SRPMS/mailman-2.0.14-1.2.C21mdk.src.rpm

10.0 amd64

e8b98f2b51d9f11b87bc0a0391d44099  amd64/10.0/RPMS/mailman-2.1.4-2.2.100mdk.amd64.rpm
fec2dfd480fc02b17ccff70dd99b4db7  amd64/10.0/SRPMS/mailman-2.1.4-2.2.100mdk.src.rpm

10.1 i586

8dd23a3f24902dfd6c79bf86607652fb  10.1/RPMS/mailman-2.1.5-7.2.101mdk.i586.rpm
60d219904e0b21f46b6d2867d6f180bb  10.1/SRPMS/mailman-2.1.5-7.2.101mdk.src.rpm

10.0 i586

ae373070860eb1c736fcf66fd2c55d96  10.0/RPMS/mailman-2.1.4-2.2.100mdk.i586.rpm
fec2dfd480fc02b17ccff70dd99b4db7  10.0/SRPMS/mailman-2.1.4-2.2.100mdk.src.rpm

CS3.0 i586

6ba4581b2060d821d0d95b780fc80f16  corporate/3.0/RPMS/mailman-2.1.4-2.2.C30mdk.i586.rpm
cfaf275a70905bede0d23767dbe1be25  corporate/3.0/SRPMS/mailman-2.1.4-2.2.C30mdk.src.rpm

CS2.1 i586

6dcfa5a401a8e7fc76a539a62374e18f  corporate/2.1/RPMS/mailman-2.0.14-1.2.C21mdk.i586.rpm
ceef33d5629e03e18760f8c001956664  corporate/2.1/SRPMS/mailman-2.0.14-1.2.C21mdk.src.rpm

10.1 x86_64

0f6eef6e7475e333a44b6dbead106f64  x86_64/10.1/RPMS/mailman-2.1.5-7.2.101mdk.x86_64.rpm
60d219904e0b21f46b6d2867d6f180bb  x86_64/10.1/SRPMS/mailman-2.1.5-7.2.101mdk.src.rpm

References