-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : mailman Version : 1:2.1.15-1+deb7u3 CVE ID : CVE-2018-5950 Debian Bug : 888201
The mailman package has a Cross-site scripting (XSS) vulnerability in the web UI before 2.1.26 which allows remote attackers to inject arbitrary web script or HTML via a user-options URL For Debian 7 "Wheezy", these problems have been fixed in version 1:2.1.15-1+deb7u3 We recommend that you upgrade your mailman packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlp9CEwACgkQhj1N8u2c KO8PuQ//bDi8m4cr91CEMD7VZh3EaKl39e8UWTUKK62dxzNlQdfvIIv0zvRncl1m 5ANk3aJa0Oa30nvFpgoeCrNoqaiuIVyxylSk24skjBPIBPwVg8+W14Mp7DgcLXEA cuT841CBZgerOXLpPGYSK10m072mBRDALUi+eA/EEps9mjb4+8yssDOz1huUyOJW tqWEzjAIxCP6i8bQkkmw1TKbc3WEGmrFzeq79zjjOEPzVztTE5J3bisUvnIsOf/e SY4IrgNrmh8MQ/aeu3S8owG5mYnztmrrqZ5SjPU33dG5btul6ZKNBA3RhfG6okI5 TTrI5Odk+KXD51uqwGhAPylQ11Nur7HZnazsxesLIrz18HIFyJREqr30M+vj8Bkc XHSRaptA1slfX9WFapnUisrWjy29vLD5YpaxMM2kD454G2xlIj5W9rhqHzdXgxPE Qeb25iAHYu+zp/4UIywCqQZaBWewM9FW9SiIac73BxL4mLwopmQoXz5AmAPPB8sk AODJr+0/se/7XreAPrDhWMrv9Oql5v3cR4fM4C4Sx4OzZqBcmpohyYWcpeC+0kkV ovlW2ciia5+o6FoCaKKxdCwsqFwG1ZF1ZHuK9XjkGWp4c7mwQOipgBBUIWX18Euu cgB/LWVu9w9TPfkjHd7FqRNVn11RukDhGD05sF86ZEsyrltoNx4= =479P -----END PGP SIGNATURE-----
