Overview

File _patchinfo of Package patchinfo.8477

<patchinfo incident="8477">
  <issue tracker="bnc" id="1101288">VUL-0: CVE-2018-13796: mailman: content spoofing vulnerability with invalid list name messages in the web UI</issue>
  <issue tracker="cve" id="2018-13796"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>dliedke</packager>
  <description>This update for mailman fixes the following issues:

Security issue fixed:

- CVE-2018-13796: Fix a content spoofing vulnerability with invalid list name messages inside the web UI (boo#1101288).

Bug fixes:

- update to 2.1.29:
  * Fixed the listinfo and admin overview pages that were broken 

- update to 2.1.28:
  * It is now possible to edit HTML and text templates via the web admin UI in a supported language other than the list's preferred_language.
  * The Japanese translation has been updated
  * The German translation has been updated
  * The Esperanto translation has been updated
  * The BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE feature added in 2.1.27 was not working.  This is fixed.
  * Escaping of HTML entities for the web UI is now done more selectively. 
</description>
  <summary>Security update for mailman</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places