[Mailman-Announce] Mailman Security Patch Announcement

Mark Sapiro mark at msapiro.net
Fri Feb 18 17:01:57 CET 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2/13/2011 1:58 PM, Mark Sapiro wrote:
> An XXS vulnerability affecting Mailman 2.1.14 and prior versions has
> recently been discovered. A patch has been developed to address this
> issue. The patch is small, affects only one module and can be applied to
> a live installation without requiring a restart.
> 
> In order to accommodate those who need some notice before applying such
> a patch, the patch will be posted on Friday, 18 February at about 16:00
> GMT to the same four lists to which this announcement is addressed.


The vulnerability has been assigned CVE-2011-0707.

The patch is attached as confirm_xss.patch.txt.

- -- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFNXpf1VVuXXpU7hpMRAs1nAJ97r3VEu5b5jl4JhdNv3r6x+ElqjQCghU+w
Gp0hqWatECAYyAIL7IH9dGk=
=8U6M
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: confirm_xss.patch.txt
URL: <http://mail.python.org/pipermail/mailman-announce/attachments/20110218/15500b22/attachment.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: confirm_xss.patch.txt.sig
Type: application/octet-stream
Size: 65 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-announce/attachments/20110218/15500b22/attachment.obj>


More information about the Mailman-announce mailing list