[Mailman-Developers] [Mailman-Announce] Mailman Security Patch Announcement
Jim Popovitch
jimpop at gmail.com
Fri Feb 18 22:28:55 CET 2011
On Fri, Feb 18, 2011 at 11:01, Mark Sapiro <mark at msapiro.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 2/13/2011 1:58 PM, Mark Sapiro wrote:
>> An XXS vulnerability affecting Mailman 2.1.14 and prior versions has
>> recently been discovered. A patch has been developed to address this
>> issue. The patch is small, affects only one module and can be applied to
>> a live installation without requiring a restart.
>>
>> In order to accommodate those who need some notice before applying such
>> a patch, the patch will be posted on Friday, 18 February at about 16:00
>> GMT to the same four lists to which this announcement is addressed.
>
>
> The vulnerability has been assigned CVE-2011-0707.
>
> The patch is attached as confirm_xss.patch.txt.
Mark, I want to say Thank You for the advanced notification and the
patch. Mailman continues to be the leading substantive communication
enabler, and it is entirely due to the dedication and quality work of
yourself and the Mailman developer community.
Thank you,
-Jim P.
More information about the Mailman-Developers
mailing list