oss-sec mailing list archives

Re: CVE Request: mailman

From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 13 Sep 2010 16:55:26 -0400 (EDT)


Josh,

Was there a particular reason to split these into separate CVEs? A quickglance suggests they affect the same version, and since they're the sametype, would normally argue for a merge.


- Steve


On Mon, 13 Sep 2010, Josh Bressers wrote:


----- "Huzaifa Sidhpurwala" <huzaifas () redhat com> wrote:

Hi,

There are two mailman vulns. fixed by the following patch:
http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html

Particular Red Hat Bugzilla entries are the following:

        https://bugzilla.redhat.com/show_bug.cgi?id=631881


CVE-2010-3089 mailman XSS via list information HTML template

        https://bugzilla.redhat.com/show_bug.cgi?id=631859


CVE-2010-3090 mailman XSS in list information overview

Thanks.

--
   JB

Current thread:

CVE Request: mailman Huzaifa Sidhpurwala (Sep 13)
- Re: CVE Request: mailman Josh Bressers (Sep 13)
  - Re: CVE Request: mailman Steven M. Christey (Sep 13)
    - Re: CVE Request: mailman Josh Bressers (Sep 13)
    - Re: CVE Request: mailman Steven M. Christey (Sep 13)