Mailman 3 [Bug 1949401] [NEW] Potential XSS attack via the user options page. - Mailman-coders - python.org

newer
[Bug 1950833] [NEW] TypeError in...

[Bug 1949401] [NEW] Potential XSS attack via the user options page.

older
[Bug 1950526] [NEW] Error...

Mark Sapiro

1 Nov 2021 1 Nov '21

3:42 p.m.

*** This bug is a security vulnerability *** Private security bug reported: A crafted URL to the user options page can execute arbitrary javascript. ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1949401 Title: Potential XSS attack via the user options page. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1949401/+subscriptions

Reply

Sign in to reply online Use email software

Show replies by date

Mark Sapiro

4 Nov 4 Nov

8:28 a.m.

New subject: [Bug 1949401] Re: Potential XSS attack via the user options page.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-43331 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1949401 Title: Potential XSS attack via the user options page. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1949401/+subscriptions

Reply

Sign in to reply online Use email software

Mark Sapiro

11 Nov 11 Nov

12:53 p.m.

New subject: [Bug 1949401] Re: Potential XSS attack via the user options page.

** Attachment added: "patch_to_fix_1949401" https://bugs.launchpad.net/mailman/+bug/1949401/+attachment/5540165/+files/p... -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1949401 Title: Potential XSS attack via the user options page. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1949401/+subscriptions

Reply

Sign in to reply online Use email software

Launchpad Bug Tracker

12 Nov 12 Nov

10:56 a.m.

New subject: [Bug 1949401] Re: Potential XSS attack via the user options page.

** Branch linked: lp:mailman/2.1 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1949401 Title: Potential XSS attack via the user options page. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1949401/+subscriptions

Reply

Sign in to reply online Use email software

Mark Sapiro

11:01 a.m.

New subject: [Bug 1949401] Re: Potential XSS attack via the user options page.

** Changed in: mailman Status: In Progress => Fix Released ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1949401 Title: Potential XSS attack via the user options page. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1949401/+subscriptions

Reply

Sign in to reply online Use email software

1092

Age (days ago)

1103

Last active (days ago)

Download

4 comments

2 participants

tags

participants (2)

Launchpad Bug Tracker
Mark Sapiro