Accepted mailman 1:2.1.18-2+deb8u3 (source amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 24 Jul 2018 22:02:16 +0200
Source: mailman
Binary: mailman
Architecture: source amd64
Version: 1:2.1.18-2+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Mailman for Debian <pkg-mailman-hackers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
mailman - Powerful, web-based mailing list manager
Changes:
mailman (1:2.1.18-2+deb8u3) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2018-0618:
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered
that mailman, a web-based mailing list manager, is prone to a cross-site
scripting flaw allowing a malicious listowner to inject scripts into the
listinfo page, due to not validated input in the host_name field.
* Fix CVE-2018-13796:
Hammad Qureshi discovered a content spoofing vulnerability with invalid
list name messages in the web UI.
Checksums-Sha1:
13dde04fced21322301b53ca7bae942c0a1ac8da 2236 mailman_2.1.18-2+deb8u3.dsc
4fd782bea0e4993cf8ffa5fd127ebbb6a112b3fe 107628 mailman_2.1.18-2+deb8u3.debian.tar.xz
02e71e5ac567352f6de97414564fa17b98af541f 4321566 mailman_2.1.18-2+deb8u3_amd64.deb
Checksums-Sha256:
9408fc83b1f1f919d3b2ddb91ea9d7e0fa2e8773e79d90531542aad38ee7cc42 2236 mailman_2.1.18-2+deb8u3.dsc
6f53eb7ef9ddab97b55c7778dc6d79eca0635c65da275f46c2ce32e55f502bef 107628 mailman_2.1.18-2+deb8u3.debian.tar.xz
30b38e0ff18f55f22b63468e6235da187977cb0c1d66a876573909ea572ac3e2 4321566 mailman_2.1.18-2+deb8u3_amd64.deb
Files:
80eae030323eb5e01ac4a25f6f83888b 2236 mail optional mailman_2.1.18-2+deb8u3.dsc
34b4de803e70939dc1ff8988f27db9ae 107628 mail optional mailman_2.1.18-2+deb8u3.debian.tar.xz
e251d9d5b9ea84c1b15cc1f2ece2ada6 4321566 mail optional mailman_2.1.18-2+deb8u3_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAltXjoFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkG1MQAKejhmKZD5ZjanuXmg78WiTO47LxZ1ZmN6s0
wR1C1uE8dgF45O0rkMZqClrZSkUnVig7VmrdoPK6q5MwMM86XaIf8RYnwARLCMI4
t7KZUrl+dxpUrpBIRwpXjwqgCKZlhzqsskND9j0HBzvsO4Kk5yRFlw+XmkWeqixj
8y6SZ/C4ItAI3DIa/h2z/pDi2hJSmQ+j8qqXKMwyaBtppwQ5IapeXFI6GDPZVqTI
trWCo5PXt5GTKoWOcCb4BrSjvyTbevMDFEC8y3A3zAwnI3y3ik6T6+rQQnQjr2Fg
e8F/SWYe6o2QbRT7llCkb9AHta7rnf0YcV5e0dIILNTtesNvS7wkxSk9UctNQZob
cNLdTXFXu59XoK5w0Mm7ENuRcIl/RZ+hY7Ki0UJ5HeihHYtSgkxVpAl83G5ajwOj
nKddGuo4RChsfy8aQaoMTsviLRt7wxZ7m+CXvFfWKFhEqy1KQ1L5D/x+MhLVnVHo
cUCc0gbgcI0mTDGSfGmjsB3VCojKcZ55sjSNsUAJZ+4xBQOD618xyiBuVqRVFJyS
0nWlET+0HKeGgfW3kc/Tn6yliHW0PEbs82V5klH3Rul1iSciR9h47QAIhZJL9dxT
8NsF3+VOwlUH+jGdhLSaQNyIhtP5SeffpyDnp/hPiL3dWHiBxmdta6XUfw7GddIR
MLg6zmam
=k8pd
-----END PGP SIGNATURE-----