[Secure-testing-team] Tracking: security problems fixed by Mailman 2.1.9
Lionel Elie Mamane
lionel at mamane.lu
Tue Sep 12 08:18:32 UTC 2006
Hi,
The following security problems will be fixed by the upload of Mailman
2.1.9, if and when we upload it:
- A malicious user could visit a specially crafted URI and inject an
apparent log message into Mailman's error log which might induce an
unsuspecting administrator to visit a phishing site. This has been
blocked. Thanks to Moritz Naumann for its discovery.
- Fixed denial of service attack which can be caused by some
standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
- Several cross-site scripting issues have been fixed. Thanks to Moritz
Naumann for their discovery. CVE-2006-3636
--
Lionel