Bug 372901 (CVE-2011-0707)

Summary:	<net-mail/mailman-2.1.15: XSS (CVE-2011-0707)
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	hanno, net-mail+disabled
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B4 [noglsa]
Package list:		Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2011-06-24 20:45:54 UTC

CVE-2011-0707 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0707):
  Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU
  Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web
  script or HTML via the (1) full name or (2) username field in a confirmation
  message.

Comment 1 Hanno Böck gentoo-dev

2012-08-08 17:37:32 UTC

I've committed mailman 2.1.15, which fixes this, but I'd like to wait some days for possible issues to pop up before stabilization.

Comment 2 Hanno Böck gentoo-dev

2012-08-18 11:17:47 UTC

I think we can go on with stabilizing.

Archs, please go ahead, stabilization target:
KEYWORDS="amd64 ppc sparc x86"

Comment 3 Agostino Sarubbo gentoo-dev

2012-08-18 11:30:17 UTC

amd64 stable

Comment 4 Michael Weber (RETIRED) gentoo-dev

2012-08-21 08:52:54 UTC

ppc stable

Comment 5 Johannes Huber (RETIRED) gentoo-dev

2012-08-21 09:11:31 UTC

x86 stable

Comment 6 Raúl Porcel (RETIRED) gentoo-dev

2012-08-26 16:00:41 UTC

sparc keywords dropped

Comment 7 Tim Sammut (RETIRED) gentoo-dev

2012-08-27 01:25:56 UTC

Thanks, folks. Closing noglsa for XSS.