Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: mailman
Date: Tue, 18 Feb 2003 08:10:45
Message-Id: 20030217091236.4475E33B4D@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - ---------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200302-05
6 - - ---------------------------------------------------------------------
7
8 PACKAGE : mailman
9 SUMMARY : cross site scripting
10 DATE : 2003-02-17 09:16 UTC
11 EXPLOIT : remote
12
13 - - ---------------------------------------------------------------------
14
15 The email variable and the default error page in mailmain 2.1 contains
16 cross site scripting vulnerabilities.
17
18 Read the full advisory at:
19 http://marc.theaimsgroup.com/?l=bugtraq&m=104342745916111&w=2
20
21 SOLUTION
22
23 It is recommended that all Gentoo Linux users who are running
24 net-mail/mailman upgrade to mailman-2.1.1 as follows:
25
26 emerge sync
27 emerge -u mailman
28 emerge clean
29
30 - - ---------------------------------------------------------------------
31 aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
32 - - ---------------------------------------------------------------------
33 -----BEGIN PGP SIGNATURE-----
34 Version: GnuPG v1.2.1 (GNU/Linux)
35
36 iD8DBQE+UKiNfT7nyhUpoZMRAuI2AJ9wnFfMKTXwBVyFnMLASs6SGuZggwCeKdgj
37 k2lHmZN7hAxMFTM7ilmS974=
38 =S96x
39 -----END PGP SIGNATURE-----
Report Message
Find on MARC Find on Google Groups