Package "mailman"

Name:	mailman
Description:	Web-based mailing list manager (legacy branch)
Latest version:	1:2.1.26-1ubuntu0.3
Release:	bionic (18.04)
Level:	security
Repository:	main
Homepage:	http://www.list.org/

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "mailman"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "mailman" in Bionic

Repository	Area	Version
base	main	1:2.1.26-1
updates	main	1:2.1.26-1ubuntu0.3

Changelog

Version: 1:2.1.26-1ubuntu0.3 2020-06-29 15:06:21 UTC

mailman (1:2.1.26-1ubuntu0.3) bionic-security; urgency=medium * SECURITY UPDATE: Arbitrary Content Injection - debian/patches/CVE-2020-15011.diff: checks if roster private, if so log the info in Mailman/Cgi/private.py. - CVE-2020-15011 -- <email address hidden> (Leonidas S. Barbosa) Thu, 25 Jun 2020 15:20:16 -0300

Source diff to previous version

CVE-2020-15011

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.

Version: 1:2.1.26-1ubuntu0.2 2020-05-11 14:06:45 UTC

mailman (1:2.1.26-1ubuntu0.2) bionic-security; urgency=medium * SECURITY UPDATE: Arbitrary Content Injection - debian/patches/CVE-2020-12108.diff: removed safeusers variable that allows arbitrary content to be injected in Mailman/Cgi/options.py. - CVE-2020-12108 -- <email address hidden> (Leonidas S. Barbosa) Thu, 07 May 2020 09:51:53 -0300

Source diff to previous version

CVE-2020-12108

/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.

Version: 1:2.1.26-1ubuntu0.1 2020-04-29 16:07:36 UTC

mailman (1:2.1.26-1ubuntu0.1) bionic-security; urgency=medium * SECURITY UPDATE: XSS vulnerability - debian/patches/93_CVE-2018-0618.patch: avoiding injections in Mailman/Gui/General.py, Mailman/Utils.py, Mailman/Gui/GUIBase.py - CVE-2018-0618 * SECURITY UPDATE: Arbitrary text injection - debian/patches/94_CVE-2018-13796.patch: check for injections in Mailmain/Utils.py. - CVE-2018-13796 * SECURITY UPDATE: XSS vulnerability - debian/patches/CVE-2020-12137.diff: use .bin extension for scrubbed application/octet-stream files in Mailman/Handlers/Scrubber.py. - CVE-2020-12137 -- <email address hidden> (Leonidas S. Barbosa) Tue, 28 Apr 2020 15:41:09 -0300

CVE-2018-0618	Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via uns
CVE-2018-13796	An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
CVE-2020-12137	GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks a

About - Send Feedback to @ubuntu_updates

Package "mailman"

Links

Download "mailman"

Other versions of "mailman" in Bionic

Changelog

Tweets

Share this page

Bookmarks

Latest updates

proposed

updates

security

PPA updates