[Pkg-mailman-hackers] Tracking: security problems fixed by Mailman
Lionel Elie Mamane
lionel at mamane.lu
Tue Sep 12 08:18:32 UTC 2006

The following security problems will be fixed by the upload of Mailman
2.1.9, if and when we upload it:

- A malicious user could visit a specially crafted URI and inject an
  apparent log message into Mailman's error log which might induce an
  unsuspecting administrator to visit a phishing site. This has been
  blocked. Thanks to Moritz Naumann for its discovery.
- Fixed denial of service attack which can be caused by some
  standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
- Several cross-site scripting issues have been fixed. Thanks to Moritz
  Naumann for their discovery. CVE-2006-3636.