19 matches found
SUSE-SU-2022:1886-1 Security update for mailman
This update for mailman fixes the following issues: - CVE-2021-44227: Preventing list moderator or list member accessing the admin UI bsc1193316. - CVE-2021-43332: Preventing list moderator from cracking the list admin password encrypted in a CSRF token bsc1192741. - CVE-2021-43331: Fixed XSS in...
OPENSUSE-SU-2021:1452-1 Security update for mailman
This update for mailman fixes the following issues: Update to 2.1.35 to fix 2 security issues: - A potential for a list member to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixe...
mailman:2.1 security update
An update is available for mailman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mailman is a program used to help manage e-mail discussion lists. Security...
SUSE-SU-2020:2048-1 Security update for mailman
This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page bsc1173369...
SUSE-SU-2020:14423-1 Security update for mailman
This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page bsc1173369...
OPENSUSE-SU-2020:0764-1 Security update for mailman
This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12108: Fixed a content injection bug boo1171363. Non-security issue fixed: - Don't default to invalid hosts for DEFAULT_EMAIL_HOST boo682920 This update was imported from the openSUSE:Leap:15.1:Update update projec...
SUSE-SU-2020:1301-1 Security update for mailman
This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12108: Fixed a content injection bug bsc1171363. - CVE-2020-12137: Fixed an XSS vulnerability caused by MIME type confusion bsc1170558. Non-security issue fixed: - Fixed rights and ownership on...
SUSE-SU-2020:14356-1 Security update for mailman
This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12137: Fixed an XSS vulnerability caused by MIME type confusion bsc1170558. Non-security issue fixed: - Fixed rights and ownership on /var/lib/mailman/archives bsc1167068...
SUSE-SU-2019:3076-1 Security update for mailman
This update for mailman fixes the following issues: - CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root bsc1154328...
SUSE-SU-2019:14230-1 Security update for mailman
This update for mailman fixes the following issues: - CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root bsc1154328...
SUSE-SU-2019:13924-1 Security update for mailman
This update for mailman fixes the following issues: - Fixed an XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs bsc1077358 CVE-2018-5950 - Fixed a directory traversal vulnerability in MTA...
SUSE-SU-2018:4296-1 Security update for mailman
This update for mailman fixes the following security vulnerabilities: - Fixed an XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs bsc1077358 CVE-2018-5950 - Fixed a directory traversal...
SUSE-SU-2018:1638-1 Security update for mailman
This update for mailman to version 2.1.15 fixes the following issues: - CVE-2016-6893: Prevent cross-site request forgery (CSRF) vulnerability in the user options page that allowed remote attackers to hijack the authentication of arbitrary users for requests that modify an option bsc995352. - Vario...
DSA-674-3 mailman - cross-site scripting, directory traversal
Due to an incompatibility between Python 1.5 and 2.1 the last mailman update did not run with Python 1.5 anymore. This problem is corrected with this update. This advisory only updates the packages updated with DSA 674-2. The version in unstable is not affected since it is not supposed to work wi...
Important: Red Hat Security Advisory: mailman security update
Updated mailman packages to correct a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Mailman is software to help manage email discussion lists. A flaw in the truepath function o...
Important: Red Hat Security Advisory: mailman security update
Updated mailman packages that correct a mailman security issue are now available. The mailman package is software to help manage email discussion lists. A flaw in the truepath function of Mailman was discovered. A remote attacker who is a member of a private mailman list could use a carefully...
RHEL 2.1 / 3 : mailman (RHSA-2005:136)
Updated mailman packages that correct a mailman security issue are now available. The mailman package is software to help manage email discussion lists. A flaw in the truepath function of Mailman was discovered. A remote attacker who is a member of a private mailman list could use a carefully...
Important: Red Hat Security Advisory: mailman security update
An updated mailman package that closes a DoS vulnerability in mailman introduced by RHSA-2004:019 is now available. Mailman is a mailing list manager. On February 19 2004, Red Hat issued security erratum RHSA-2004:019 to correct a DoS (Denial of Service) vulnerability where an attacker could send a...
Important: Red Hat Security Advisory: mailman security update
Updated mailman packages that close a DoS vulnerability present in mailman versions prior to version 2.1 are now available. Mailman is a mailing list manager. Matthew Galgoci of Red Hat discovered a Denial of Service (DoS) vulnerability in versions of Mailman prior to 2.1. An attacker could send a...