Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster. CVE-2018-5950
CVE: (none) => CVE-2018-5950
Debian advisory from February 9: https://www.debian.org/security/2018/dsa-4108 The issue is fixed upstream in 2.1.26. Mageia 5 and Mageia 6 are also affected.
Assignee: bugsquad => mramboSummary: DSA-4108-1 mailman -- security update CVE-2018-5950 => mailman new security issue CVE-2018-5950Source RPM: mailman => mailman-2.1.24-1.mga7.src.rpmWhiteboard: (none) => MGA6TOO, MGA5TOO
Ubuntu has issued an advisory for this on February 8: https://usn.ubuntu.com/usn/usn-3563-1/
Status comment: (none) => Fixed upstream in 2.1.26
Patched package uploaded for cauldron and Mageia 6. Advisory: ======================== Updated mailman package fixes security vulnerability: Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster (CVE-2018-5950). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5950 https://www.debian.org/security/2018/dsa-4108 ======================== Updated packages in core/updates_testing: ======================== mailman-2.1.23-2.1.mga6 from mailman-2.1.23-2.1.mga6.src.rpm Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=8067#c24
Keywords: (none) => has_procedureWhiteboard: MGA6TOO, MGA5TOO => (none)Version: Cauldron => 6Assignee: mrambo => qa-bugs
Advisory uploaded.
Keywords: (none) => advisory
Testing complete mga6 64 Without configuring domain etc.. # urpmi mailman Looked for cli commands with # urpmf mailman | grep bin Before ------ # newlist --quiet --urlhost=localhost.localdomain --emailhost=localhost.localdomain test eeeemail@gmail.com Initial test password: # list_lists 2 matching mailing lists found: Mailman - Mailman site list Test - [no description available] # list_owners eeeemail@gmail.com root@localhost.localdomain After ----- # rmlist test Not removing archives. Reinvoke with -a to remove them. Removing list info # list_lists 1 matching mailing lists found: Mailman - Mailman site list # newlist --quiet --urlhost=localhost.localdomain --emailhost=localhost.localdomain test eeeemail@gmail.com Initial test password: # list_lists 2 matching mailing lists found: Mailman - Mailman site list Test - [no description available] # list_owners eeeemail@gmail.com root@localhost.localdomain Ensured the web interface available at http://localhost/mailman Cleaned up. # rmlist test Not removing archives. Reinvoke with -a to remove them. Removing list info # urpme mailman
Whiteboard: (none) => mga6-64-ok
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0184.html
Status: NEW => RESOLVEDResolution: (none) => FIXED