164933 – CVE-2004-1177 mailman

Bug 164933 - CVE-2004-1177 mailman

Summary: CVE-2004-1177 mailman

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 2.1
Classification:	Red Hat
Component:	mailman
Sub Component:
Version:	2.1
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Harald Hoyer
QA Contact:
Docs Contact:
URL:
Whiteboard:	impact=important,public=20050110
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-08-02 20:43 UTC by Josh Bressers
Modified:	2007-11-30 22:06 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-11-11 13:02:13 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Josh Bressers 2005-08-02 20:43:38 UTC

+++ This bug was initially created as a clone of Bug #147833 +++

Description of problem:
 Missing XSS security patches for mailman-2.1.5 ?
 
Version-Release number of selected component (if applicable):
 mailman-2.1.5-24.rhel3

Additional info:
 It appears there was an XSS vuln in mailman thru version 2.1.5
 that was patched by other vendors, but not yet patched in
 RHEL to date(2005-02-11): [CAN-2004-1177] cross-site scripting in 
 /var/mailman/scripts/driver

See also: 
https://bugzilla.ubuntu.com/show_bug.cgi?id=5057
http://www.securityfocus.com/bid/12243

Comment 1 Josh Bressers 2005-08-02 20:44:45 UTC

This bug is the RHEL2.1 placeholder, please see the parent bug (bug 147833) for
more information.

Comment 3 Mark J. Cox 2005-11-11 13:02:13 UTC

Closing, we do not believe CAN-2004-1177 applies to the 2.0.x versions of
mailman due to setting of STEALTH_MODE

Note You need to log in before you can comment on or make changes to this bug.