UbuntuUpdates.org

Package "mailman"

Name: mailman

Description:

Powerful, web-based mailing list manager

Latest version: 1:2.1.14-3ubuntu0.4
Release: precise (12.04)
Level: security
Repository: main
Homepage: http://www.list.org/

Other versions of "mailman" in Precise

Repository Area Version
base main 1:2.1.14-3
updates main 1:2.1.14-3ubuntu0.4

Changelog

Version: 1:2.1.14-3ubuntu0.4 2016-11-01 19:06:14 UTC

  mailman (1:2.1.14-3ubuntu0.4) precise-security; urgency=medium

  * SECURITY UPDATE: CSRF vulnerability in the admin interface
    - debian/patches/CVE-2016-7123.patch: add CSRF checks to
      Mailman/CSRFcheck.py, Mailman/Cgi/admin.py, Mailman/Defaults.py.in,
      Mailman/htmlformat.py.
    - CVE-2016-7123
  * SECURITY UPDATE: CSRF vulnerability in the user options page
    - debian/patches/CVE-2016-6893.patch: add CSRF checks to
      Mailman/Cgi/admindb.py, Mailman/Cgi/edithtml.py,
      Mailman/Cgi/options.py, Mailman/HTMLFormatter.py,
      Mailman/htmlformat.py.
    - CVE-2016-6893

 -- Marc Deslauriers <email address hidden> Fri, 28 Oct 2016 15:19:14 -0400

CVE-2016-7123 Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authent
CVE-2016-6893 Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the aut

Version: 1:2.1.14-3ubuntu0.2 2015-04-07 16:06:27 UTC

  mailman (1:2.1.14-3ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: path traversal vulnerability
    - debian/patches/CVE-2015-2775.patch: validate list name in
      Mailman/Utils.py, add comment to Mailman/Defaults.py.in.
    - CVE-2015-2775

 -- Marc Deslauriers <email address hidden> Fri, 03 Apr 2015 08:39:37 -0400

CVE-2015-2775 Path traversal vulnerability
