mailman:2.1 security update

Errata ID: AXSA:2021-2169:01

Release date: Wednesday, July 7, 2021 - 07:28
Subject: mailman:2.1 security update
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

Mailman is a program used to help manage e-mail discussion lists.

Security Fix(es):

* mailman: arbitrary content injection via the options login page (CVE-2020-12108)
* mailman: arbitrary content injection via the private archive login page (CVE-2020-15011)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-12108
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
CVE-2020-15011
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.

Modularity name: mailman
Stream name: 2.1

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. mailman-2.1.29-11.module+el8+1255+c5fd5869.src.rpm
    MD5: 63b2e3f5f7cf5f3ab08718335ff45569
    SHA-256: 59d06f84d674d99530d77ce6db39c5d6a258f68b793ff96a8de910986cbc74d6
    Size: 9.02 MB

Asianux Server 8 for x86_64
  1. mailman-2.1.29-11.module+el8+1255+c5fd5869.x86_64.rpm
    MD5: 73572a9ad043b26f1465cedee821d954
    SHA-256: 19872274d46df289b2762fa97186c60d7fe714a56c69366bdc1ef9050e80dade
    Size: 5.99 MB
  2. mailman-debugsource-2.1.29-11.module+el8+1255+c5fd5869.x86_64.rpm
    MD5: f75bc89a0f6ad15e8663c2374b9e7937
    SHA-256: 9016a06e3cfac95068d9d5b7863fca5b1b0880112675e6484ec4c2475178468a
    Size: 36.91 kB