From mark at msapiro.net  Sat Jan 20 15:43:21 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 20 Jan 2018 12:43:21 -0800
Subject: [Mailman-Announce] Mailman 2.1.26 Security release Feb 4, 2018
Message-ID: <68476c0b-f481-1ff3-4cd1-0b5f01dbc5cf@msapiro.net>

An XSS vulnerability in the Mailman 2.1 web UI has been reported and
assigned CVE-2018-5950 which is not yet public.

I plan to release Mailman 2.1.26 along with a patch for older releases
to fix this issue on Feb 4, 2018. At that time, full details of the
vulnerability will be public.

This is advance notice of the upcoming release and patch for those that
need a week or two to prepare. The patch will be small and only affect
one module.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/mailman-announce/attachments/20180120/e786295c/attachment.sig>