Bug 205652
Summary: | CVE-2006-4624 mailman logfile CRLF injection | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Josh Bressers <bressers> |
Component: | mailman | Assignee: | Tomas Smetana <tsmetana> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5 | Keywords: | Security |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | impact=low,source=vendorsec,reported=20060907,public=20060623 | ||
Fixed In Version: | 2.1.9-0.fc5.1 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-05-03 13:13:46 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Josh Bressers
2006-09-07 20:41:17 UTC
Bug #206607 also lists these two additional CVE's: CVE-2006-3636 CVE-2006-2941. The solution for FC6Test3 was to upgrade to mailman 2.1.9. Any plans to do likewise for this bug as well? Those issues bring the current FC5 mailman to a security impact of "moderate," I believe? The version 2.1.9 is available in FC-5 updates. |