Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Debian DSA 147-2 Critical: Mailman Cross-Site Scripting Attack

debian
Calendar Grey August 26, 2002
Debian Logo
Debian Advisory DSA 147-2 addresses a critical cross-site scripting issue in mailman, with mitigation recommendations.
A cross-site scripting vulnerability was discovered in mailman

Summary

Quoting DSA 147-1:

A cross-site scripting vulnerability was discovered in mailman, a
software to manage electronic mailing lists. When a properly
crafted URL is accessed with Internet Explorer (other browsers don't seem to be affected), the resulting webpage is rendered
similar to the real one, but the javascript component is executed
as well, which could be used by an attacker to get access to
sensitive information. The new version for Debian 2.2 also
includes backports of security related patches from mailman 2.0.11.

This has been fixed in DSA 147-1 already, however, contrary to popular
belief, it turned out that the Python packaging does not upgrade
Python 1.5 users to 2.1 when upgrading from potato to woody. It also
turned out that the mailman security update unwittingly introduced a
dependency to Python 2.1, both in the security update and upstream,
which left the package unusable on some systems.

This problem has been fixed in version 2.0.11-1woody4 for the current
...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: mailman

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.