1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200501-29 / mailman |
| Release Date | January 22, 2005 |
| Latest Revision | January 22, 2005: 01 |
| Impact | low |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-mail/mailman | < 2.1.5-r3 | >= 2.1.5-r3 | All supported architectures |
Related bugreports: #77524
Mailman is vulnerable to cross-site scripting attacks.
Mailman is a Python-based mailing list server with an extensive web interface.
Florian Weimer has discovered a cross-site scripting vulnerability in the error messages that are produced by Mailman.
By enticing a user to visit a specially crafted URL, an attacker can execute arbitrary script code in the context of the victim's browser.
There is no known workaround at this time.
All Mailman users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"
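To confirm whether a host's installed Mailman falls in the vulnerable range given in the table above (before or after the upgrade), the version comparison can be scripted. This is an added example, not part of the advisory or of Portage: it implements a simplified form of Gentoo version ordering (integer components without the leading-zero rule, optional letter, `_alpha`/`_beta`/`_pre`/`_rc`/`_p` suffixes, `-rN` revision), and the sample package strings are constructed.

```python
import re

PACKAGE = "net-mail/mailman"   # package named in the advisory
FIXED = "2.1.5-r3"             # first unaffected version per the advisory

# Gentoo suffix order: _alpha < _beta < _pre < _rc < (no suffix) < _p
SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, "p": 1}
VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)([a-z]?)((?:_(?:alpha|beta|pre|rc|p)\d*)*)(?:-r(\d+))?$"
)

def version_key(version):
    """Turn a Gentoo version string into a tuple that sorts in Gentoo order."""
    m = VERSION_RE.match(version)
    if m is None:
        raise ValueError("unrecognised version: %r" % version)
    nums, letter, suffixes, rev = m.groups()
    parts = tuple(int(n) for n in nums.split("."))
    sfx = tuple((SUFFIX_RANK[name], int(num or 0))
                for name, num in re.findall(r"_([a-z]+)(\d*)", suffixes))
    # (0, 0) marks "no further suffix", so 2.1.6_beta1 < 2.1.6 < 2.1.6_p1.
    return (parts, letter, sfx + ((0, 0),), int(rev or 0))

def is_vulnerable(installed):
    """True if `installed` (bare version or category/package-version) is < FIXED."""
    prefix = PACKAGE + "-"
    if installed.startswith(prefix):
        installed = installed[len(prefix):]
    return version_key(installed) < version_key(FIXED)

if __name__ == "__main__":
    # Constructed sample input, in the form a package listing would print.
    for cpv in ["net-mail/mailman-2.1.5", "net-mail/mailman-2.1.5-r2",
                "net-mail/mailman-2.1.5-r3", "net-mail/mailman-2.1.10"]:
        print(cpv, "VULNERABLE" if is_vulnerable(cpv) else "ok")
```

The revision suffix matters here: 2.1.5-r2 and 2.1.5-r3 share the same upstream version, so a check that ignores `-rN` cannot tell the vulnerable build from the fixed one.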