21 Jan
2018
21 Jan
'18
10:22 a.m.
Hi, I'd like to update Japanese translation against message change on lp:mailman/2.1 Rev 1730. So I'm please if you'll rebuild mailman.pot early enogh before release. On 01/21/18 05:43, Mark Sapiro wrote:
An XSS vulnerability in the Mailman 2.1 web UI has been reported and assigned CVE-2018-5950 which is not yet public.
I plan to release Mailman 2.1.26 along with a patch for older releases to fix this issue on Feb 4, 2018. At that time, full details of the vulnerability will be public.
This is advance notice of the upcoming release and patch for those that need a week or two to prepare. The patch will be small and only affect one module.
-- Yasuhito FUTATSUKI <futatuki@poem.co.jp>