Bug 372901 (CVE-2011-0707) - <net-mail/mailman-2.1.15: XSS (CVE-2011-0707)
Summary: <net-mail/mailman-2.1.15: XSS (CVE-2011-0707)
Status: RESOLVED FIXED
Alias: CVE-2011-0707
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B4 [noglsa]
Reported: 2011-06-24 20:45 UTC by GLSAMaker/CVETool Bot
Modified: 2012-08-27 01:25 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 20:45:54 UTC
CVE-2011-0707 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0707):
  Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU
  Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web
  script or HTML via the (1) full name or (2) username field in a confirmation
  message.
Comment 1 Hanno Böck gentoo-dev 2012-08-08 17:37:32 UTC
I've committed mailman 2.1.15, which fixes this, but I'd like to wait some days for possible issues to pop up before stabilization.
Comment 2 Hanno Böck gentoo-dev 2012-08-18 11:17:47 UTC
I think we can go on with stabilizing.

Archs, please go ahead, stabilization target:
KEYWORDS="amd64 ppc sparc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2012-08-18 11:30:17 UTC
amd64 stable
Comment 4 Michael Weber (RETIRED) gentoo-dev 2012-08-21 08:52:54 UTC
ppc stable
Comment 5 Johannes Huber (RETIRED) gentoo-dev 2012-08-21 09:11:31 UTC
x86 stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2012-08-26 16:00:41 UTC
sparc keywords dropped
Comment 7 Tim Sammut (RETIRED) gentoo-dev 2012-08-27 01:25:56 UTC
Thanks, folks. Closing noglsa for XSS.