There was an XSS vulnerability in Mailman 2.1.13 and prior: [1]

Fix:

The port is already at 2.1.14, so only a VuXML entry is needed. The following VuXML entry should be evaluated and added:

It passes 'make validate' for me.

  <vuln vid="132024b9-e74e-11df-bc65-0022156e8794">
    <topic>Mailman -- cross-site scripting in Web interface</topic>
    <affects>
      <package>
        <name>mailman</name>
        <range><lt>2.1.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Secunia reports:</p>
        <blockquote cite="http://secunia.com/advisories/41265">
          <p>Two vulnerabilities have been reported in Mailman, which
            can be exploited by malicious users to conduct script
            insertion attacks.</p>
          <p>Certain input passed via the list descriptions is not
            properly sanitised before being displayed to the user.
            This can be exploited to insert arbitrary HTML and script
            code, which will be executed in a user's browser session
            in context of an affected site when the malicious data is
            being viewed.</p>
          <p>Successful exploitation requires "list owner"
            permissions.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <bid>43187</bid>
      <cvename>CVE-2010-3089</cvename>
      <url>http://secunia.com/advisories/41265</url>
    </references>
    <dates>
      <discovery>2010-09-14</discovery>
      <entry>TODAY</entry>
    </dates>
  </vuln>

How-To-Repeat:

[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3089
Responsible Changed
From-To: freebsd-ports-bugs->wxs

Over to maintainer (via the GNATS Auto Assign Tool)
State Changed
From-To: open->closed

Committed. Thanks!
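Added example, not part of the PR or of the FreeBSD ports tooling: evaluating the <affects> ranges of the VuXML entry above against an installed package version. The function names and the version comparison (plain dotted numbers only, no PORTREVISION or PORTEPOCH suffixes) are assumptions of this example; the embedded XML is the entry's <affects> block, without the VuXML namespace that the full vuln.xml file declares.

```python
import re
import xml.etree.ElementTree as ET

# <affects> block copied from the entry in this PR (description omitted).
ENTRY = """<vuln vid="132024b9-e74e-11df-bc65-0022156e8794">
  <affects>
    <package>
      <name>mailman</name>
      <range><lt>2.1.14</lt></range>
    </package>
  </affects>
</vuln>"""

# VuXML bound element -> predicate on the sign of compare(installed, bound).
OPS = {"lt": lambda c: c < 0, "le": lambda c: c <= 0, "eq": lambda c: c == 0,
       "ge": lambda c: c >= 0, "gt": lambda c: c > 0}

def version_key(version):
    """Assumption: dotted numeric versions only; anything else is rejected
    rather than compared wrongly (e.g. 2.1.14_1 or 1.0,1)."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError("unsupported version syntax: %r" % version)
    return tuple(int(part) for part in version.split("."))

def compare(a, b):
    """Return -1, 0 or 1; missing trailing components count as 0."""
    ka, kb = version_key(a), version_key(b)
    width = max(len(ka), len(kb))
    ka += (0,) * (width - len(ka))
    kb += (0,) * (width - len(kb))
    return (ka > kb) - (ka < kb)

def affected(entry_xml, package, version):
    """True if package/version falls inside any <range> of the entry."""
    vuln = ET.fromstring(entry_xml)
    for pkg in vuln.iter("package"):
        if package not in [n.text.strip() for n in pkg.findall("name")]:
            continue
        for rng in pkg.findall("range"):
            bounds = list(rng)
            # Every bound inside one <range> must hold; ranges are alternatives.
            if bounds and all(OPS[b.tag](compare(version, b.text.strip()))
                              for b in bounds):
                return True
    return False

if __name__ == "__main__":
    for v in ("2.1.9", "2.1.13", "2.1.14"):
        print(v, "affected" if affected(ENTRY, "mailman", v) else "not affected")
```

Comparing components as integers matters here: a string comparison would rank 2.1.9 above 2.1.14 and report it as not affected.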