UbuntuUpdates.org

Package "mailman"

Name: mailman

Description:

Powerful, web-based mailing list manager
Latest version: 1:2.1.16-2ubuntu0.5
Release: trusty (14.04)
Level: updates
Repository: main
Homepage: http://www.list.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "mailman"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "mailman" in Trusty

Repository Area Version
base main 1:2.1.16-2
security main 1:2.1.16-2ubuntu0.5

Changelog

Version: 1:2.1.16-2ubuntu0.5 2018-02-08 20:07:16 UTC

  mailman (1:2.1.16-2ubuntu0.5) trusty-security; urgency=medium

  * SECURITY UPDATE: Cross-site scripting vulnerability
    - debian/patches/CVE-2018-5950.patch: fix this in
      Mailman/Cgi/options.py.
    - CVE-2018-5950

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 07 Feb 2018 14:45:50 -0300
Source diff to previous version
CVE-2018-5950 Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a

Version: 1:2.1.16-2ubuntu0.3 2017-11-30 02:06:40 UTC

  mailman (1:2.1.16-2ubuntu0.3) trusty; urgency=medium

  * Fixed a misspelling in Tagger.py that breaks Lists
    with topics enabled (LP: #1251495)

 -- Christian Ehrhardt <email address hidden> Wed, 25 Oct 2017 16:46:47 +0200
Source diff to previous version
1251495 Lists with topics enabled can throw unexpected keyword argument 'Delete' exception.

Version: 1:2.1.16-2ubuntu0.2 2016-11-01 20:06:57 UTC

  mailman (1:2.1.16-2ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: CSRF vulnerability in the user options page
    - debian/patches/CVE-2016-6893.patch: add CSRF checks to
      Mailman/Cgi/admindb.py, Mailman/Cgi/edithtml.py,
      Mailman/Cgi/options.py, Mailman/HTMLFormatter.py,
      Mailman/htmlformat.py.
    - CVE-2016-6893

 -- Marc Deslauriers <email address hidden> Thu, 06 Oct 2016 11:27:40 -0400
Source diff to previous version
CVE-2016-6893 Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the aut

Version: 1:2.1.16-2ubuntu0.1 2015-04-07 17:06:30 UTC

  mailman (1:2.1.16-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: path traversal vulnerability
    - debian/patches/CVE-2015-2775.patch: validate list name in
      Mailman/Utils.py, add comment to Mailman/Defaults.py.in.
    - CVE-2015-2775
 -- Marc Deslauriers <email address hidden> Fri, 03 Apr 2015 08:34:52 -0400
CVE-2015-2775 Path traversal vulnerability


About   -   Send Feedback to @ubuntu_updates