Dziury, dziury :)
Krzysiek Taraszka
dzimi at pld.org.pl
Sat Sep 7 16:08:21 CEST 2002
> III. MAILMAN
> To zaraz będe robić :) ew sprawdzę jak sie ma do naszych zasobów
>
> [SECURITY] [DSA 147-1] New mailman packages fix cross-site scripting
> problem
>
> Package : mailman
> Vulnerability : cross-site scripting
> Problem-Type : remote
> Debian-specific: no
> CVE Id : CAN-2002-0388
>
> A cross-site scripting vulnerability was discovered in mailman, a
> software to manage electronic mailing lists. When a properly crafted
> URL is accessed with Internet Explorer (other browsers don't seem to
> be affected), the resulting webpage is rendered similar to the real
> one, but the javascript component is executed as well, which could be
> used by an attacker to get access to sensitive information.
> 3. mailman, dziurawy, ale tylko w niektorych przypadkach, niezaszkodzi
> polatac.
Ok, mailman jest czysty, mamy 2.0.13 w ktorym zafixowano ten bląd.
Krzysiek Taraszka (dzimi at pld.org.pl)
More information about the pld-devel-pl
mailing list