Explore top 10 tips to secure your open-source projects now. Read More
×Quoting DSA 147-1:
A cross-site scripting vulnerability was discovered in mailman, a
software to manage electronic mailing lists. When a properly
crafted URL is accessed with Internet Explorer (other browsers don't seem to be affected), the resulting webpage is rendered
similar to the real one, but the javascript component is executed
as well, which could be used by an attacker to get access to
sensitive information. The new version for Debian 2.2 also
includes backports of security related patches from mailman 2.0.11.
This has been fixed in DSA 147-1 already, however, contrary to popular
belief, it turned out that the Python packaging does not upgrade
Python 1.5 users to 2.1 when upgrading from potato to woody. It also
turned out that the mailman security update unwittingly introduced a
dependency to Python 2.1, both in the security update and upstream,
which left the package unusable on some systems.
This problem has been fixed in version 2.0.11-1woody4 for the current
...
Get the latest Linux and open source security news straight to your inbox.