SUSE-SU-2019:13924-1 -- SLES mailman
ID: oval:org.secpod.oval:def:89003352 | Date: (C)2021-02-27 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for mailman fixes the following issues:
- Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs
- Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim
- Fixed a XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages
- Fixed arbitrary text injection vulnerability in several mailman CGIs
- Fixed a CSRF vulnerability on the user options page
Platform: |
SUSE Linux Enterprise Server 11 SP4 |