Format: 1.8
Date: Tue, 24 Jul 2018 22:02:16 +0200
Source: mailman
Binary: mailman
Architecture: source amd64
Version: 1:2.1.18-2+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Mailman for Debian <pkg-mailman-hackers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 mailman - Powerful, web-based mailing list manager
Changes:
 mailman (1:2.1.18-2+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-0618:
     Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered
     that mailman, a web-based mailing list manager, is prone to a cross-site
     scripting flaw allowing a malicious listowner to inject scripts into the
     listinfo page, due to not validated input in the host_name field.
   * Fix CVE-2018-13796:
     Hammad Qureshi discovered a content spoofing vulnerability with invalid
     list name messages in the web UI.
Checksums-Sha1:
 13dde04fced21322301b53ca7bae942c0a1ac8da 2236 mailman_2.1.18-2+deb8u3.dsc
 4fd782bea0e4993cf8ffa5fd127ebbb6a112b3fe 107628 mailman_2.1.18-2+deb8u3.debian.tar.xz
 02e71e5ac567352f6de97414564fa17b98af541f 4321566 mailman_2.1.18-2+deb8u3_amd64.deb
Checksums-Sha256:
 9408fc83b1f1f919d3b2ddb91ea9d7e0fa2e8773e79d90531542aad38ee7cc42 2236 mailman_2.1.18-2+deb8u3.dsc
 6f53eb7ef9ddab97b55c7778dc6d79eca0635c65da275f46c2ce32e55f502bef 107628 mailman_2.1.18-2+deb8u3.debian.tar.xz
 30b38e0ff18f55f22b63468e6235da187977cb0c1d66a876573909ea572ac3e2 4321566 mailman_2.1.18-2+deb8u3_amd64.deb
Files:
 80eae030323eb5e01ac4a25f6f83888b 2236 mail optional mailman_2.1.18-2+deb8u3.dsc
 34b4de803e70939dc1ff8988f27db9ae 107628 mail optional mailman_2.1.18-2+deb8u3.debian.tar.xz
 e251d9d5b9ea84c1b15cc1f2ece2ada6 4321566 mail optional mailman_2.1.18-2+deb8u3_amd64.deb