Date:      Thu, 7 May 2020 19:56:01 +0000 (UTC)
From:      Matthias Andree <mandree@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r534283 - head/security/vuxml
Message-ID:  <202005071956.047Ju1wd044525@repo.freebsd.org>

Author: mandree
Date: Thu May  7 19:56:00 2020
New Revision: 534283
URL: https://svnweb.freebsd.org/changeset/ports/534283

Log:
  mail/mailman: extend content injection vuln via private archive login
  
  This led up to mailman 2.1.33 today.
  https://bugs.launchpad.net/mailman/+bug/1877379
  https://launchpadlibrarian.net/478684932/private.diff
  https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/
  
  Approved by:	ports-secteam@ (blanket for security fixes)
  Security:	88760f4d-8ef7-11ea-a66d-4b2ef158be83

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu May  7 17:54:11 2020	(r534282)
+++ head/security/vuxml/vuln.xml	Thu May  7 19:56:00 2020	(r534283)
@@ -135,15 +135,17 @@ Notes:
   </vuln>
 
   <vuln vid="88760f4d-8ef7-11ea-a66d-4b2ef158be83">
-    <topic>mailman -- content injection vulnerability via options login page</topic>
+    <topic>mailman -- arbitrary content injection vulnerability via options or private archive login pages</topic>
     <affects>
       <package>
 	<name>mailman</name>
-	<range><lt>2.1.30_3</lt></range>
+	<range><lt>2.1.30_4</lt></range>
+	<range><ge>2.1.31</ge><lt>2.1.33</lt></range>
       </package>
       <package>
 	<name>mailman-with-htdig</name>
-	<range><lt>2.1.30_3</lt></range>
+	<range><lt>2.1.30_4</lt></range>
+	<range><ge>2.1.31</ge><lt>2.1.33</lt></range>
       </package>
     </affects>
     <description>
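Review bot: The two-range split added for both `mailman` and `mailman-with-htdig` is not explained anywhere in the entry, so a later editor cannot tell why versions from 2.1.30_4 up to 2.1.31 are treated as unaffected while 2.1.31 up to 2.1.33 are affected. Presumably port revision 2.1.30_4 carries a backported fix that the upstream releases before 2.1.33 lack; if so, record it with a comment inside each `<package>`, for example `<!-- 2.1.30_4 has the backported fix; upstream releases from 2.1.31 up to 2.1.33 do not -->`. Without that, someone consolidating the ranges into a single `<lt>2.1.33</lt>` would flag patched installs, and the opposite mistake would hide vulnerable ones. The `<vuln>` element continues past the end of this hunk.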
@@ -159,16 +161,26 @@ Notes:
 	    An issue similar to CVE-2018-13796 exists at different endpoint &amp; param. It can lead to a phishing attack.
 	  </p>
 	</blockquote>
+	<blockquote cite="https://bugs.launchpad.net/mailman/+bug/1877379">;
+	  <p>
+	    (added 2020-05-07) This is essentially the same as
+	    https://bugs.launchpad.net/mailman/+bug/1873722 except the vector is
+	    the private archive login page and the attack only succeeds if the
+	    list's roster visibility (private_roster) setting is 'Anyone'.
+	  </p>
+	</blockquote>
       </body>
     </description>
     <references>
       <url>https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1845/NEWS#L8</url>;
       <url>https://bugs.launchpad.net/mailman/+bug/1873722</url>;
+      <url>https://bugs.launchpad.net/mailman/+bug/1877379</url>;
+      <url>https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/</url>;
       <cvename>CVE-2018-13796</cvename>
     </references>
     <dates>
       <discovery>2020-04-20</discovery>
-      <entry>2020-05-05</entry>
+      <entry>2020-05-07</entry>
     </dates>
   </vuln>
 
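Review bot: In the `<dates>` block the existing `<entry>` value is overwritten with the revision date, which loses the original publication date of this advisory. VuXML has a separate element for revisions, so the block should keep `<entry>2020-05-05</entry>` and add `<modified>2020-05-07</modified>` after it. Tools and readers that use the modified date to spot changed advisories would then see that the affected ranges were widened. The new blockquote already carries "(added 2020-05-07)", which matches that convention better than a moved entry date.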


