Updated mailman packages fix a security vulnerability
Publication date: 29 Mar 2018Modification date: 29 Mar 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-5950
Description
Updated mailman package fixes security vulnerability:
Calum Hutton and the Mailman team discovered a cross site scripting and
information leak vulnerability in the user options page. A remote attacker could
use a crafted URL to steal cookie information or to fish for whether a user is
subscribed to a list with a private roster (CVE-2018-5950).
References
SRPMS
6/core
- mailman-2.1.23-2.1.mga6