Mailman-coders January 2021

mailman-coders@python.org

1 participants
2 discussions

[Bug 1609516] [NEW] [needs-packaging] GNU Mailman v3

by Kẏra

Public bug reported: Mailman 3 is essentially five projects: Mailman Core Postorius - The Web UI for Mailman Mailman Client - The REST API Client HyperKitty - The Archiver for Mailman Mailman Bundler - Installer for Mailman Suite including all above projects URL: https://www.gnu.org/software/mailman/ ** Affects: mailman Importance: Undecided Status: New ** Affects: ubuntu Importance: Undecided Status: New ** Affects: debian Importance: Unknown Status: Unknown ** Tags: needs-packaging ** Bug watch added: Debian Bug tracker #799292 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799292 ** Also affects: debian via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799292 Importance: Unknown Status: Unknown ** Also affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1609516 Title: [needs-packaging] GNU Mailman v3 To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1609516/+subscriptions

2 months, 1 week

[Bug 1913241] [NEW] A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.

by Abderrahmane Sahnoun

*** This bug is a security vulnerability *** Private security bug reported: A URL with a very long text listname such as https://homewalkers.net/mailman/roster/This_is_a_long_string_with_some_phis… will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site. This issue was discovered by Abderrahmane Sahnoun <x.virusdz0(a)gmail.com>. same as CVE-2018-13796 ** Affects: mailman Importance: Undecided Assignee: Abderrahmane Sahnoun (xvirusdz) Status: New ** Changed in: mailman Assignee: (unassigned) => Abderrahmane Sahnoun (xvirusdz) ** Description changed: hi team, im Abderrahmane Sahnoun Algerian Security Researcher when i was exploring your website i have found a bug witch done the possibility to A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site in GNU Mailman 2.1.33. it's the same like CVE-2018-13796 here a example of it: - https://homewalkers.net/mailman/roster/wassim + https://homewalkers.net/mailman/roster/type_any_thing_here I await your reply at the earliest time Sincerely; ** Description changed: - hi team, - im Abderrahmane Sahnoun Algerian Security Researcher when i was exploring your website i have found a bug witch done the possibility to A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site in GNU Mailman 2.1.33. - it's the same like CVE-2018-13796 - here a example of it: - https://homewalkers.net/mailman/roster/type_any_thing_here - I await your reply at the earliest time - Sincerely; + A URL with a very long text listname such as + https://homewalkers.net/mailman/roster/This_is_a_long_string_with_some_phis… + will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site. + + This issue was discovered by Abderrahmane Sahnoun + <x.virusdz0(a)gmail.com>. ** Changed in: mailman Assignee: Abderrahmane Sahnoun (xvirusdz) => (unassigned) ** Description changed: A URL with a very long text listname such as https://homewalkers.net/mailman/roster/This_is_a_long_string_with_some_phis… will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site. - This issue was discovered by Abderrahmane Sahnoun - <x.virusdz0(a)gmail.com>. + This issue was discovered by Abderrahmane Sahnoun <x.virusdz0(a)gmail.com>. + same as CVE-2018-13796 ** Changed in: mailman Assignee: (unassigned) => Abderrahmane Sahnoun (xvirusdz) -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1913241 Title: A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1913241/+subscriptions

6 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

Mailman-coders January 2021