Overview

File _patchinfo of Package patchinfo.14866

<patchinfo incident="14866">
  <issue tracker="bnc" id="1167068">/var/lib/mailman/archives/mailman: user mailman can't access</issue>
  <issue tracker="bnc" id="1170558">VUL-0: CVE-2020-12137: mailman: XSS due to MIME type confusion</issue>
  <issue tracker="bnc" id="1171363">VUL-1: CVE-2020-12108: mailman: arbitrary content injection in options.py</issue>
  <issue tracker="bnc" id="682920">strange defaults in mailman</issue>
  <issue tracker="cve" id="2020-12108"/>
  <issue tracker="cve" id="2020-12137"/>
  <packager>mcepl</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for mailman</summary>
  <description>This update for mailman fixes the following issues:

Security issue fixed:

- CVE-2020-12108: Fixed a content injection bug (bsc#1171363).
- CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion (bsc#1170558).

Non-security issue fixed:

- Fixed rights and ownership on /var/lib/mailman/archives (bsc#1167068).
- Don't default to invalid hosts for DEFAULT_EMAIL_HOST (bsc#682920).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places