svn commit: r534283 - head/security/vuxml
Matthias Andree
mandree at FreeBSD.org
Thu May 7 19:56:01 UTC 2020
Author: mandree
Date: Thu May 7 19:56:00 2020
New Revision: 534283
URL: https://svnweb.freebsd.org/changeset/ports/534283
Log:
mail/mailman: extend content injection vuln via private archive login
This led up to mailman 2.1.33 today.
https://bugs.launchpad.net/mailman/+bug/1877379
https://launchpadlibrarian.net/478684932/private.diff
https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/
Approved by: ports-secteam@ (blanket for security fixes)
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu May 7 17:54:11 2020 (r534282)
+++ head/security/vuxml/vuln.xml Thu May 7 19:56:00 2020 (r534283)
@@ -135,15 +135,17 @@ Notes:
</vuln>
<vuln vid="88760f4d-8ef7-11ea-a66d-4b2ef158be83">
- <topic>mailman -- content injection vulnerability via options login page</topic>
+ <topic>mailman -- arbitrary content injection vulnerability via options or private archive login pages</topic>
<affects>
<package>
<name>mailman</name>
- <range><lt>2.1.30_3</lt></range>
+ <range><lt>2.1.30_4</lt></range>
+ <range><ge>2.1.31</ge><lt>2.1.33</lt></range>
</package>
<package>
<name>mailman-with-htdig</name>
- <range><lt>2.1.30_3</lt></range>
+ <range><lt>2.1.30_4</lt></range>
+ <range><ge>2.1.31</ge><lt>2.1.33</lt></range>
</package>
</affects>
<description>
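Review bot: the two new ranges encode an assumption that should be verified against the port: `<range><lt>2.1.30_4</lt></range>` declares PORTREVISION 4 of the 2.1.30 port fixed, which is only true if the mail/mailman bump applying the private.diff referenced in the log was committed with or before this entry, and `<range><ge>2.1.31</ge><lt>2.1.33</lt></range>` is needed because upstream 2.1.31 and 2.1.32 predate the private archive login fix that first shipped in 2.1.33. The ranges are duplicated verbatim for mailman and mailman-with-htdig, which is correct as long as the slave port inherits the same PORTREVISION; keep both in sync on the next bump.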
@@ -159,16 +161,26 @@ Notes:
An issue similar to CVE-2018-13796 exists at different endpoint & param. It can lead to a phishing attack.
</p>
</blockquote>
+ <blockquote cite="https://bugs.launchpad.net/mailman/+bug/1877379">
+ <p>
+ (added 2020-05-07) This is essentially the same as
+ https://bugs.launchpad.net/mailman/+bug/1873722 except the vector is
+ the private archive login page and the attack only succeeds if the
+ list's roster visibility (private_roster) setting is 'Anyone'.
+ </p>
+ </blockquote>
</body>
</description>
<references>
<url>https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1845/NEWS#L8</url>
<url>https://bugs.launchpad.net/mailman/+bug/1873722</url>
+ <url>https://bugs.launchpad.net/mailman/+bug/1877379</url>
+ <url>https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/</url>
<cvename>CVE-2018-13796</cvename>
</references>
<dates>
<discovery>2020-04-20</discovery>
- <entry>2020-05-05</entry>
+ <entry>2020-05-07</entry>
</dates>
</vuln>
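Review bot: changing `<entry>2020-05-05</entry>` to `<entry>2020-05-07</entry>` discards the date the entry was first published; VuXML convention is to keep the original `<entry>` date and record the update as a separate `<modified>2020-05-07</modified>` element inside `<dates>`, so readers can see both when the advisory appeared and when its scope was extended. Two smaller points on the same hunk: the `https://launchpadlibrarian.net/478684932/private.diff` URL cited in the commit log is not among the added `<url>` references, and the new blockquote's note that the attack "only succeeds if the list's roster visibility (private_roster) setting is 'Anyone'" is the one mitigation a list owner can apply before upgrading, which is worth stating as such rather than leaving it implicit in the quoted text.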