On Fri, Feb 18, 2011 at 11:01, Mark Sapiro <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 2/13/2011 1:58 PM, Mark Sapiro wrote: >> An XXS vulnerability affecting Mailman 2.1.14 and prior versions has >> recently been discovered. A patch has been developed to address this >> issue. The patch is small, affects only one module and can be applied to >> a live installation without requiring a restart. >> >> In order to accommodate those who need some notice before applying such >> a patch, the patch will be posted on Friday, 18 February at about 16:00 >> GMT to the same four lists to which this announcement is addressed. > > > The vulnerability has been assigned CVE-2011-0707. > > The patch is attached as confirm_xss.patch.txt.
Mark, I want to say Thank You for the advanced notification and the patch. Mailman continues to be the leading substantive communication enabler, and it is entirely due to the dedication and quality work of yourself and the Mailman developer community. Thank you, -Jim P. _______________________________________________ Mailman-Developers mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
