[SECURITY] [DLA 1272-1] mailman security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : mailman
Version : 1:2.1.15-1+deb7u3
CVE ID : CVE-2018-5950
Debian Bug : 888201
The mailman package has a Cross-site scripting (XSS) vulnerability in
the web UI before 2.1.26 which allows remote attackers to inject
arbitrary web script or HTML via a user-options URL
For Debian 7 "Wheezy", these problems have been fixed in version
1:2.1.15-1+deb7u3
We recommend that you upgrade your mailman packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlp9CEwACgkQhj1N8u2c
KO8PuQ//bDi8m4cr91CEMD7VZh3EaKl39e8UWTUKK62dxzNlQdfvIIv0zvRncl1m
5ANk3aJa0Oa30nvFpgoeCrNoqaiuIVyxylSk24skjBPIBPwVg8+W14Mp7DgcLXEA
cuT841CBZgerOXLpPGYSK10m072mBRDALUi+eA/EEps9mjb4+8yssDOz1huUyOJW
tqWEzjAIxCP6i8bQkkmw1TKbc3WEGmrFzeq79zjjOEPzVztTE5J3bisUvnIsOf/e
SY4IrgNrmh8MQ/aeu3S8owG5mYnztmrrqZ5SjPU33dG5btul6ZKNBA3RhfG6okI5
TTrI5Odk+KXD51uqwGhAPylQ11Nur7HZnazsxesLIrz18HIFyJREqr30M+vj8Bkc
XHSRaptA1slfX9WFapnUisrWjy29vLD5YpaxMM2kD454G2xlIj5W9rhqHzdXgxPE
Qeb25iAHYu+zp/4UIywCqQZaBWewM9FW9SiIac73BxL4mLwopmQoXz5AmAPPB8sk
AODJr+0/se/7XreAPrDhWMrv9Oql5v3cR4fM4C4Sx4OzZqBcmpohyYWcpeC+0kkV
ovlW2ciia5+o6FoCaKKxdCwsqFwG1ZF1ZHuK9XjkGWp4c7mwQOipgBBUIWX18Euu
cgB/LWVu9w9TPfkjHd7FqRNVn11RukDhGD05sF86ZEsyrltoNx4=
=479P
-----END PGP SIGNATURE-----
Reply to: