[Mailman-Developers] Mailman Security Patch Announcement

David Brown dave at aasv.org
Fri Feb 18 20:13:38 CET 2011


Sorry for the n00b moment, but am I correct to think that the way to apply
the patch is to issue the command:

patch <pathTo_Mailman/cgi/confirm.py> <pathTo_confirm_xss.patch.txt>

...when logged in with appropriate permissions and where each
<thingInBrackets> is replaced with the appropriate file path.

(I did check to see whether there were instructions posted on the web page.
Maybe you included them on a different list.)

Thanks,
Dave
--
David Brown
dave at aasv.org ; webmaster at aasv.org


-----Original Message-----
From: mailman-developers-bounces+dave=aasv.org at python.org
[mailto:mailman-developers-bounces+dave=aasv.org at python.org] On Behalf Of
Mark Sapiro
Sent: Friday, February 18, 2011 11:02 AM
To: Mailman Announce; Mailman i18n; Mailman Users; Mailman Developers
Subject: Re: [Mailman-Developers] Mailman Security Patch Announcement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2/13/2011 1:58 PM, Mark Sapiro wrote:
> An XSS vulnerability affecting Mailman 2.1.14 and prior versions has
> recently been discovered. A patch has been developed to address this 
> issue. The patch is small, affects only one module and can be applied 
> to a live installation without requiring a restart.
> 
> In order to accommodate those who need some notice before applying 
> such a patch, the patch will be posted on Friday, 18 February at about 
> 16:00 GMT to the same four lists to which this announcement is addressed.


The vulnerability has been assigned CVE-2011-0707.

The patch is attached as confirm_xss.patch.txt.

- -- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFNXpf1VVuXXpU7hpMRAs1nAJ97r3VEu5b5jl4JhdNv3r6x+ElqjQCghU+w
Gp0hqWatECAYyAIL7IH9dGk=
=8U6M
-----END PGP SIGNATURE-----


