|
|
Subscribe / Log in / New account

Debian-LTS alert DLA-608-1 (mailman)



From:
    	      Chris Lamb <lamby@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 608-1] mailman security update 


Date:
    	      Fri, 02 Sep 2016 10:01:58 +0100


Message-ID:
    	      <1472806918.503155.713630737.034C2B97@webmail.messagingengine.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : mailman
Version        : 1:2.1.15-1+deb7u2
CVE ID         : CVE-2016-6893
Debian Bug     : 835970

It was discovered that there was a CSRF vulnerability in mailman, a
web-based mailing list manager, which could allow an attacker to obtain
a user's password.

For Debian 7 "Wheezy", this issue has been fixed in mailman version
1:2.1.15-1+deb7u2.

We recommend that you upgrade your mailman packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJXyUAAAAoJEB6VPifUMR5YjZUQAKkWf8T8HVfHHkL/8YN+U3DM
8SdzociCB0KrkqPXi4yxpHv1RsCragJYtzwVJNwBsKc5gbHEbj/2xjxx00qmhyK6
RxJuhBpXL88tM3o/HCJ220NyGYsGFhOFQI+U55gfpDuHKcobYU0pd5PLXDLDMV4Z
D9tYLSXg8z737K9NQsXjv2d1qsthOdXH2TsB6L+32eD1LeE4dm2X7kMahbMlLmPw
8gwXwJJJ6n7i/Rb8gWjFvciYI1bq8+DZo5V8WFiX/Wgpe4LKU94crrZLQeX3sGhp
EjWU+BvhbZ0Fu1Hb5BnZdgkmIJgVmOWW7+Y558GLgjXFwPn1GCWDfEBpgyEO0xAt
FN4Z/afc9K5C/hSgjodHYMXIyNqhsRoPU7uygfLzWh2yZYq96XbYDrzLwVvXtLSZ
0+H7P7l9CTr6l1SepRhL9eauo5g0qGgC6uS6gXFkMRbcrj9zJLNHg4tpBYs8eX0x
pAf9KCN6UHsbfprcZSGk3pIJPlOhnV6alNojaYDmd74bHtZkZ+B4CWekpOGmUMRx
tLmRGU+lpK5+V9t1kYKwW/KqRscf10wMpYmLhsgDv3V67j2/cKL215a/A/3m2woR
+wYhQ4ujMaoOjGJk9dIcP1ifGOQi3JD3wKx0Hx6YfmfpQJnz9FYv+4YeiM9r9bj3
8u/PVe0KgeVEygtkP4rT
=IO8Z
-----END PGP SIGNATURE-----
(Log in to post comments)


Copyright © 2024, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds