Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Apps A-M :: lnx4948.htm

mailman cross-site scripting hole



20th Dec 2001 [SBWID-4948]
COMMAND

	mailman cross-site scripting hole
	

	

SYSTEMS AFFECTED

	mailman up to 2.0.8

PROBLEM

	Barry A. Warsaw reported several cross-site scripting security holes  in
	Mailman, due to non-existent escaping of CGI variables.

SOLUTION

	Latest version :
	 

	http://prdownloads.sourceforge.net/mailman/mailman-2.0.8.tgz

	

	

	Debian Source archives:
	

	http://security.debian.org/dists/stable/updates/main/source/mailman_1.1.10.diff.gz      

	     http://security.debian.org/dists/stable/updates/main/source/mailman_1.1.orig.tar.gz

	

	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH