Описание
Security update for mailman
This update for mailman fixes the following issues:
Security issue fixed:
- CVE-2018-13796: Fix a content spoofing vulnerability with invalid list name messages inside the web UI (boo#1101288).
Bug fixes:
-
update to 2.1.29:
- Fixed the listinfo and admin overview pages that were broken
-
update to 2.1.28:
- It is now possible to edit HTML and text templates via the web admin UI in a supported language other than the list's preferred_language.
- The Japanese translation has been updated
- The German translation has been updated
- The Esperanto translation has been updated
- The BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE feature added in 2.1.27 was not working. This is fixed.
- Escaping of HTML entities for the web UI is now done more selectively.
Список пакетов
openSUSE Leap 42.3
mailman-2.1.29-2.11.2
Ссылки
- E-Mail link for openSUSE-SU-2018:2309-1
- SUSE Security Ratings
Описание
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
Затронутые продукты
openSUSE Leap 42.3:mailman-2.1.29-2.11.2
Ссылки
- CVE-2018-13796
- SUSE Bug 1101288