[Mailman-Announce] Mailman Security Patch Announcement
Mark Sapiro
mark at msapiro.net
Fri Feb 18 17:01:57 CET 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2/13/2011 1:58 PM, Mark Sapiro wrote:
> An XXS vulnerability affecting Mailman 2.1.14 and prior versions has
> recently been discovered. A patch has been developed to address this
> issue. The patch is small, affects only one module and can be applied to
> a live installation without requiring a restart.
>
> In order to accommodate those who need some notice before applying such
> a patch, the patch will be posted on Friday, 18 February at about 16:00
> GMT to the same four lists to which this announcement is addressed.
The vulnerability has been assigned CVE-2011-0707.
The patch is attached as confirm_xss.patch.txt.
- --
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFNXpf1VVuXXpU7hpMRAs1nAJ97r3VEu5b5jl4JhdNv3r6x+ElqjQCghU+w
Gp0hqWatECAYyAIL7IH9dGk=
=8U6M
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: confirm_xss.patch.txt
URL: <http://mail.python.org/pipermail/mailman-announce/attachments/20110218/15500b22/attachment.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: confirm_xss.patch.txt.sig
Type: application/octet-stream
Size: 65 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-announce/attachments/20110218/15500b22/attachment.obj>
More information about the Mailman-announce
mailing list