Mailman is a program used to help manage email discussion lists.

Multiple input sanitization flaws were found in the way Mailman displayed
usernames of subscribed users on certain pages. If a user who is subscribed
to a mailing list were able to trick a victim into visiting one of those
pages, they could perform a cross-site scripting (XSS) attack against the
victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman displayed
mailing list information. A mailing list administrator could use this flaw
to conduct a cross-site scripting (XSS) attack against victims viewing a
list’s “listinfo” page. (CVE-2010-3089)

Red Hat would like to thank Mark Sapiro for reporting these issues.

Users of mailman should upgrade to this updated package, which contains
backported patches to correct these issues.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | i686 | mailman | < 2.1.12-14.el6_0.2 | mailman-2.1.12-14.el6_0.2.i686.rpm |
RedHat | 6 | i686 | mailman-debuginfo | < 2.1.12-14.el6_0.2 | mailman-debuginfo-2.1.12-14.el6_0.2.i686.rpm |
RedHat | 6 | src | mailman | < 2.1.12-14.el6_0.2 | mailman-2.1.12-14.el6_0.2.src.rpm |
RedHat | 6 | s390x | mailman-debuginfo | < 2.1.12-14.el6_0.2 | mailman-debuginfo-2.1.12-14.el6_0.2.s390x.rpm |
RedHat | 6 | s390x | mailman | < 2.1.12-14.el6_0.2 | mailman-2.1.12-14.el6_0.2.s390x.rpm |
RedHat | 6 | x86_64 | mailman-debuginfo | < 2.1.12-14.el6_0.2 | mailman-debuginfo-2.1.12-14.el6_0.2.x86_64.rpm |
RedHat | 6 | ppc64 | mailman-debuginfo | < 2.1.12-14.el6_0.2 | mailman-debuginfo-2.1.12-14.el6_0.2.ppc64.rpm |
RedHat | 6 | x86_64 | mailman | < 2.1.12-14.el6_0.2 | mailman-2.1.12-14.el6_0.2.x86_64.rpm |
RedHat | 6 | ppc64 | mailman | < 2.1.12-14.el6_0.2 | mailman-2.1.12-14.el6_0.2.ppc64.rpm |
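
To check whether a host's installed mailman build is older than the fixed build in the table, the version and release must be compared with RPM's segment rules rather than as plain strings. The following is an added example, not Red Hat's tooling: `rpmvercmp` here is a simplified reimplementation (no `~` or `^` handling), `is_affected` is a hypothetical helper, and the input is assumed to come from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' mailman`.

```python
import re

# Fixed build from the advisory's package table (RHEL 6).
FIXED_VERSION, FIXED_RELEASE = "2.1.12", "14.el6_0.2"

def _segments(s):
    # rpm ignores separators and splits at digit/letter boundaries.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using rpm's segment comparison rules
    (simplified: '~' and '^' ordering is not handled)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # 12 > 9, unlike a string comparison
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_affected(version_release):
    """True if VERSION-RELEASE sorts before the fixed build.
    Assumes the epoch is the same on both sides."""
    version, _, release = version_release.rpartition("-")
    result = rpmvercmp(version, FIXED_VERSION)
    if result == 0:
        result = rpmvercmp(release, FIXED_RELEASE)
    return result < 0

if __name__ == "__main__":
    # Constructed sample values, not taken from real hosts.
    for vr in ("2.1.12-14.el6", "2.1.12-14.el6_0.1",
               "2.1.12-14.el6_0.2", "2.1.12-17.el6"):
        print(vr, "AFFECTED" if is_affected(vr) else "ok")
```
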