SUSE:SLE-12-SP1:GA
File _patchinfo of Package patchinfo.8163
<patchinfo incident="8163">
  <issue id="1077358" tracker="bnc">VUL-1: CVE-2018-5950 mailman: Cross-site scripting (XSS) vulnerability in web UI</issue>
  <issue id="925502" tracker="bnc">VUL-1: CVE-2015-2775: mailman: directory traversal in MTA transports that deliver programmatically</issue>
  <issue id="1101288" tracker="bnc">VUL-0: CVE-2018-13796: mailman: content spoofing vulnerability with invalid list name messages in the web UI</issue>
  <issue id="995352" tracker="bnc">VUL-0: CVE-2016-6893: mailman: CSRF protection needs to be extended to the user options page</issue>
  <issue id="1099510" tracker="bnc">VUL-0: CVE-2018-0618: mailman: various html code injections fixed</issue>
  <issue tracker="cve" id="2018-0618"/>
  <issue tracker="cve" id="2018-5950"/>
  <issue tracker="cve" id="2016-6893"/>
  <issue tracker="cve" id="2015-2775"/>
  <issue tracker="cve" id="2018-13796"/>
  <category>security</category>
  <rating>important</rating>
  <packager>mcepl</packager>
  <description>This update for mailman fixes the following security vulnerabilities:

- Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950)
- Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775)
- Fixed a XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618)
- Fixed arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288)
- Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352)
</description>
  <summary>Security update for mailman</summary>
</patchinfo>