On Fri, Feb 18, 2011 at 11:01, Mark Sapiro <mark@msapiro.net> wrote:
On 2/13/2011 1:58 PM, Mark Sapiro wrote:
An XSS vulnerability affecting Mailman 2.1.14 and prior versions has recently been discovered. A patch has been developed to address this issue. The patch is small, affects only one module and can be applied to a live installation without requiring a restart.
In order to accommodate those who need some notice before applying such a patch, the patch will be posted on Friday, 18 February at about 16:00 GMT to the same four lists to which this announcement is addressed.
The vulnerability has been assigned CVE-2011-0707.
The patch is attached as confirm_xss.patch.txt.
Mark, I want to say Thank You for the advance notification and the patch. Mailman continues to be the leading substantive communication enabler, and it is entirely due to the dedication and quality work of yourself and the Mailman developer community.
Thank you,
-Jim P.