Advisories ยป MGASA-2018-0184

Updated mailman packages fix a security vulnerability

Publication date: 29 Mar 2018
Modification date: 29 Mar 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-5950

Description

Updated mailman package fixes security vulnerability:

Calum Hutton and the Mailman team discovered a cross site scripting and 
information leak vulnerability in the user options page. A remote attacker could 
use a crafted URL to steal cookie information or to fish for whether a user is 
subscribed to a list with a private roster (CVE-2018-5950).
                

References

SRPMS

6/core