Description
ELSA-2020-4667: mailman:2.1 security and bug fix update (MODERATE)
[3:2.1.29-10]
- Fix match pattern to reduce false allocation
[3:2.1.29-9]
- Fix for CVE-2020-12137
[3:2.1.29-8]
- Drop unversioned python from comments.
[3:2.1.29-7]
- Change attr of /etc/mailman
[3:2.1.29-6]
- Update run directory references (#1805954)
- fix #1188043 - set 2775 permission for /etc/mailman
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module mailman:2.1 is enabled
mailman
2.1.29-10.module+el8.3.0+7679+d7dcf94b
Oracle Linux x86_64
Module mailman:2.1 is enabled
mailman
2.1.29-10.module+el8.3.0+7679+d7dcf94b
Related CVEs
Related vulnerabilities
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.