Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 147-1 (mailman)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to mailman announced via advisory DSA 147-1.
Insight
Insight
A cross-site scripting vulnerability was discovered in mailman, a software to manage electronic mailing lists. When a properly crafted URL is accessed with Internet Explorer (other browsers don't seem to be affected), the resulting webpage is rendered similar to the real one, but the javascript component is executed as well, which could be used by an attacker to get access to sensitive information. The new version for Debian 2.2 also includes backports of security related patches from mailman 2.0.11. This problem has been fixed in version 2.0.11-1woody2 for the current stable distribution (woody), in version 1.1-10.1 for the old stable distribution (woody) and in version 2.0.12-1 for the unstable distribution (sid). We recommend that you upgrade your mailman package.
Solution
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20147-1