FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8d65aa3b-31ce-11ec-8c32-a14e8e520dc7mailman -- brute-force vuln on list admin password, and CSRF vuln in releases before 2.1.35

Mark Sapiro reports:

A potential for for a list member to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.

A CSRF attack via the user options page could allow takeover of a users account. This is fixed.


Discovery 2021-10-18
Entry 2021-10-20
mailman
lt 2.1.35

mailman-with-htdig
lt 2.1.35

CVE-2021-42096
CVE-2021-42097
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1873/NEWS#L8
https://bugs.launchpad.net/mailman/+bug/1947639
https://bugs.launchpad.net/mailman/+bug/1947640