+++ This bug was initially created as a clone of Bug #147833 +++

Description of problem:
Missing XSS security patches for mailman-2.1.5?

Version-Release number of selected component (if applicable):
mailman-2.1.5-24.rhel3

Additional info:
It appears there was an XSS vuln in mailman thru version 2.1.5 that was patched by other vendors, but not yet patched in RHEL to date (2005-02-11):

[CAN-2004-1177] cross-site scripting in /var/mailman/scripts/driver

See also:
https://bugzilla.ubuntu.com/show_bug.cgi?id=5057
http://www.securityfocus.com/bid/12243
This bug is the RHEL2.1 placeholder; please see the parent bug (bug 147833) for more information.
Closing, we do not believe CAN-2004-1177 applies to the 2.0.x versions of mailman due to setting of STEALTH_MODE.