From mark at msapiro.net Sun Feb 13 22:58:33 2011 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 13 Feb 2011 13:58:33 -0800 Subject: [Mailman-i18n] Mailman Security Patch Announcement Message-ID: <4D585409.3080305@msapiro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 An XXS vulnerability affecting Mailman 2.1.14 and prior versions has recently been discovered. A patch has been developed to address this issue. The patch is small, affects only one module and can be applied to a live installation without requiring a restart. In order to accommodate those who need some notice before applying such a patch, the patch will be posted on Friday, 18 February at about 16:00 GMT to the same four lists to which this announcement is addressed. - -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFNWFQIVVuXXpU7hpMRAixMAJ9CvXBKvSkkF6JAj9qfnPVOQBOz9QCg/ASx RKTuYnogMT0S96GqSclcXyY= =l9sU -----END PGP SIGNATURE----- From mark at msapiro.net Fri Feb 18 17:01:57 2011 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 18 Feb 2011 08:01:57 -0800 Subject: [Mailman-i18n] Mailman Security Patch Announcement In-Reply-To: <4D585409.3080305@msapiro.net> References: <4D585409.3080305@msapiro.net> Message-ID: <4D5E97F5.5060203@msapiro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2/13/2011 1:58 PM, Mark Sapiro wrote: > An XXS vulnerability affecting Mailman 2.1.14 and prior versions has > recently been discovered. A patch has been developed to address this > issue. The patch is small, affects only one module and can be applied to > a live installation without requiring a restart. > > In order to accommodate those who need some notice before applying such > a patch, the patch will be posted on Friday, 18 February at about 16:00 > GMT to the same four lists to which this announcement is addressed. The vulnerability has been assigned CVE-2011-0707. The patch is attached as confirm_xss.patch.txt. - -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFNXpf1VVuXXpU7hpMRAs1nAJ97r3VEu5b5jl4JhdNv3r6x+ElqjQCghU+w Gp0hqWatECAYyAIL7IH9dGk= =8U6M -----END PGP SIGNATURE----- -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: confirm_xss.patch.txt URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: confirm_xss.patch.txt.sig Type: application/octet-stream Size: 65 bytes Desc: not available URL: