svn commit: r461276 - head/security/vuxml
Matthias Andree
mandree at FreeBSD.org
Thu Feb 8 22:24:00 UTC 2018
Author: mandree
Date: Thu Feb 8 22:23:59 2018
New Revision: 461276
URL: https://svnweb.freebsd.org/changeset/ports/461276
Log:
Document Mailman vulnerability
PR: 225767
Submitted by: Vladimir Krstulja
Reviewed by: Matthias Andree
Security: CVE-2018-5950
Security: 3d0eeef8-0cf9-11e8-99b0-d017c2987f9a
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Feb 8 22:14:31 2018 (r461275)
+++ head/security/vuxml/vuln.xml Thu Feb 8 22:23:59 2018 (r461276)
@@ -58,6 +58,39 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="3d0eeef8-0cf9-11e8-99b0-d017c2987f9a">
+ <topic>Mailman -- Cross-site scripting (XSS) vulnerability in the web UI</topic>
+ <affects>
+ <package>
+ <name>mailman</name>
+ <range><lt>2.1.26</lt></range>
+ </package>
+ <package>
+ <name>ja-mailman</name>
+ <range><le>2.1.14.j7_2,1</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mark Sapiro reports:</p>
+ <blockquote cite="https://www.mail-archive.com/mailman-users@python.org/msg70478.html">
+ <p>An XSS vulnerability in the user options CGI could allow a crafted URL
+ to execute arbitrary javascript in a user's browser. A related issue
+ could expose information on a user's options page without requiring
+ login.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.mail-archive.com/mailman-users@python.org/msg70478.html</url>
+ <cvename>CVE-2018-5950</cvename>
+ </references>
+ <dates>
+ <discovery>2018-01-20</discovery>
+ <entry>2018-02-08</entry>
+ </dates>
+ </vuln>
+
<vuln vid="c602c791-0cf4-11e8-a2ec-6cc21735f730">
<topic>PostgreSQL vulnerabilities</topic>
<affects>
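Review bot: The `<affects>` list in the new entry names only `mailman` and `ja-mailman`, although the notes comment just above the hunk says not to forget port variants. Any other package built from the same Mailman source needs its own `<package>` block with the matching range, otherwise tooling that matches installed package names against this file will not flag it. The `ja-mailman` range `<le>2.1.14.j7_2,1</le>` pins the upper bound to one exact port version, so a later revision bump that does not carry the fix would silently fall out of the match; worth a comment in the entry, or a follow-up when the port changes. The `<topic>` also mentions only the XSS, while the quoted advisory describes a second issue that exposes options-page information without login; a topic such as `Mailman -- XSS and information disclosure in the user options CGI` would cover both.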