Bug 164933

Summary: CVE-2004-1177 mailman
Product: Red Hat Enterprise Linux 2.1 Reporter: Josh Bressers <bressers>
Component: mailmanAssignee: Harald Hoyer <harald>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 2.1CC: mattdm, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=important,public=20050110
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-11-11 13:02:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2005-08-02 20:43:38 UTC 
+++ This bug was initially created as a clone of Bug #147833 +++

Description of problem:
 Missing XSS security patches for mailman-2.1.5 ?
 
Version-Release number of selected component (if applicable):
 mailman-2.1.5-24.rhel3

Additional info:
 It appears there was an XSS vuln in mailman thru version 2.1.5
 that was patched by other vendors, but not yet patched in
 RHEL to date(2005-02-11): [CAN-2004-1177] cross-site scripting in 
 /var/mailman/scripts/driver

See also: 
https://bugzilla.ubuntu.com/show_bug.cgi?id=5057
http://www.securityfocus.com/bid/12243
Comment 1 Josh Bressers 2005-08-02 20:44:45 UTC 
This bug is the RHEL2.1 placeholder, please see the parent bug (bug 147833) for
more information.
Comment 3 Mark J. Cox 2005-11-11 13:02:13 UTC 
Closing, we do not believe CAN-2004-1177 applies to the 2.0.x versions of
mailman due to setting of STEALTH_MODE