FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Description: mailman -- 2.1.37 fixes XSS via user options, and moderator offline brute-force vuln against list admin password

Mark Sapiro reports:

A potential XSS attack via the user options page has been reported by Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401).

A potential for a list moderator to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. CVE-2021-43332 (LP: #1949403)


Discovery: 2021-11-01
Entry: 2021-11-13

Affected packages:
mailman < 2.1.37
mailman-exim4 < 2.1.37
mailman-exim4-with-htdig < 2.1.37
mailman-postfix < 2.1.37
mailman-postfix-with-htdig < 2.1.37
mailman-with-htdig < 2.1.37

CVE-2021-43331
CVE-2021-43332
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1879/NEWS#L8
https://bugs.launchpad.net/mailman/+bug/1949401
https://bugs.launchpad.net/mailman/+bug/1949403