mailman: cross-site scripting

Package(s):

mailman

CVE #(s):

CVE-2010-3089

Created:

October 4, 2010

Updated:

May 17, 2011

Description:

From the Mandriva advisory:

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.

Alerts:

SUSE	SUSE-SR:2011:007	NetworkManager, OpenOffice_org, apache2-slms, dbus-1-glib, dhcp/dhcpcd/dhcp6, freetype2, kbd, krb5, libcgroup, libmodplug, libvirt, mailman, moonlight-plugin, nbd, openldap2, pure-ftpd, python-feedparser, rsyslog, telepathy-gabble, wireshark	2011-04-19
CentOS	CESA-2011:0307	mailman	2011-04-14
openSUSE	openSUSE-SU-2011:0312-1	mailman	2011-04-07
SUSE	SUSE-SR:2011:009	mailman, openssl, tgt, rsync, vsftpd, libzip1/libzip-devel, otrs, libtiff, kdelibs4, libwebkit, libpython2_6-1_0, perl, pure-ftpd, collectd, vino, aaa_base, exim	2011-05-17
openSUSE	openSUSE-SU-2011:0424-1	mailman	2011-05-03
CentOS	CESA-2011:0307	mailman	2011-03-02
Red Hat	RHSA-2011:0308-01	mailman	2011-03-01
Red Hat	RHSA-2011:0307-01	mailman	2011-03-01
Ubuntu	USN-1069-1	mailman	2011-02-22
Debian	DSA-2170-1	mailman	2011-02-18
Fedora	FEDORA-2010-14877	mailman	2010-09-17
Fedora	FEDORA-2010-14834	mailman	2010-09-17
Mandriva	MDVSA-2010:191	mailman	2010-10-01