List: oss-security
Subject: Re: [oss-security] mailman 2.x: XSS via file attachments in list archives
From: Salvatore Bonaccorso <carnil () debian ! org>
Date: 2020-04-24 19:00:16
Message-ID: 20200424190016.GA2393887 () eldamar ! local
Hi,

On Thu, Apr 23, 2020 at 04:41:43PM +0200, Stefan Cornelius wrote:
> On Mon, 24 Feb 2020 11:06:38 -0500
> Jim Popovitch <jim@k4vqc.com> wrote:
>
> > On Mon, 2020-02-24 at 15:34 +0100, Hanno Böck wrote:
> > > This change is in mailman 2.1.30rc1, but not in any stable release
> > > of mailman.
> >
> > Just for some added info, Mailman v2.1.30 is almost released, the
> > holdup is with some language translations. Mailman v2.1.30 will be
> > the last of the Mailman v2 releases as primary development and effort
> > has long shifted to Mailman v3. Further, the Mailman v2 branch is
> > tied to Python v2, which is now EOL by the fine Python folk.
> >
> > Once Mailman v2.1.30 is released, I'm sure the various distributions
> > will pull the commit and merge the particulars into their release
> > branches, and that will surely include this XSS fix.
>
> Hi,
>
> It seems like this does not have a CVE? Is there a reason for this, or
> did this just slip through the cracks/was never really requested?

This appears to have happened now,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12137 was
assigned.

Regards,
Salvatore