FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b4f0ad36-94a5-11e8-9007-080027ac955cmailman -- content spoofing with invalid list names in web UI

Mark Sapiro reports:

A URL with a very long text listname such as

http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phishing_text

will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site.

This issue was discovered by Hammad Qureshi.


Discovery 2018-07-09
Entry 2018-07-31
mailman
< 2.1.28

mailman-with-htdig
< 2.1.28

ja-mailman
< 2.1.14.j7_6,1

https://bugs.launchpad.net/mailman/+bug/1780874
https://mail.python.org/pipermail/mailman-announce/2018-July/000241.html
CVE-2018-13796
0d6efbe3-52d9-11ec-9472-e3667ed6088emailman < 2.1.38 -- CSRF vulnerability of list mod or member against list admin page

Mark Sapiro reports:

A list moderator or list member can potentially carry out a CSRF attack by getting a list admin to visit a crafted web page.


Discovery 2021-11-25
Entry 2021-12-01
mailman
< 2.1.38

mailman-exim4
< 2.1.38

mailman-exim4-with-htdig
< 2.1.38

mailman-postfix
< 2.1.38

mailman-postfix-with-htdig
< 2.1.38

mailman-with-htdig
< 2.1.38

CVE-2021-44227
https://bugs.launchpad.net/mailman/+bug/1952384
https://www.mail-archive.com/mailman-users@python.org/msg73979.html
88760f4d-8ef7-11ea-a66d-4b2ef158be83mailman -- arbitrary content injection vulnerability via options or private archive login pages

Mark Sapiro reports:

A content injection vulnerability via the options login page has been discovered and reported by Vishal Singh.

An issue similar to CVE-2018-13796 exists at different endpoint & param. It can lead to a phishing attack.

(added 2020-05-07) This is essentially the same as https://bugs.launchpad.net/mailman/+bug/1873722 except the vector is the private archive login page and the attack only succeeds if the list's roster visibility (private_roster) setting is 'Anyone'.


Discovery 2020-04-20
Entry 2020-05-07
mailman
< 2.1.30_4

ge 2.1.31 lt 2.1.33

mailman-with-htdig
< 2.1.30_4

ge 2.1.31 lt 2.1.33

https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1845/NEWS#L8
https://bugs.launchpad.net/mailman/+bug/1873722
https://bugs.launchpad.net/mailman/+bug/1877379
https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/
CVE-2018-13796
a5f160fa-deee-11e4-99f8-080027ef73ecmailman -- path traversal vulnerability

Mark Sapiro reports:

A path traversal vulnerability has been discovered and fixed. This vulnerability is only exploitable by a local user on a Mailman server where the suggested Exim transport, the Postfix postfix_to_mailman.py transport or some other programmatic MTA delivery not using aliases is employed.


Discovery 2015-03-27
Entry 2015-04-09
Modified 2015-06-17
mailman
< 2.1.20

mailman-with-htdig
< 2.1.20

ja-mailman
< 2.1.14.j7_2,1

https://mail.python.org/pipermail/mailman-announce/2015-March/000209.html
https://bugs.launchpad.net/mailman/+bug/1437145
CVE-2015-2775
8d65aa3b-31ce-11ec-8c32-a14e8e520dc7mailman -- brute-force vuln on list admin password, and CSRF vuln in releases before 2.1.35

Mark Sapiro reports:

A potential for for a list member to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.

A CSRF attack via the user options page could allow takeover of a users account. This is fixed.


Discovery 2021-10-18
Entry 2021-10-20
mailman
< 2.1.35

mailman-with-htdig
< 2.1.35

CVE-2021-42096
CVE-2021-42097
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1873/NEWS#L8
https://bugs.launchpad.net/mailman/+bug/1947639
https://bugs.launchpad.net/mailman/+bug/1947640
b11ab01b-6e19-11e6-ab24-080027ef73ecmailman -- CSRF protection enhancements

Mark Sapiro reports:

CSRF protection has been extended to the user options page. This was actually fixed by Tokio Kikuchi as part of the fix for LP: #775294 and intended for Mailman 2.1.15, but that fix wasn't completely merged at the time. The full fix also addresses the admindb, and edithtml pages as well as the user options page and the previously fixed admin pages. Thanks to Nishant Agarwala for reporting the issue.


Discovery 2016-08-19
Entry 2016-08-29
mailman
< 2.1.23

http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1668
https://mail.python.org/pipermail/mailman-announce/2016-August/000226.html
CVE-2016-6893
9e50dcc3-740b-11e6-94a2-080027ef73ecmailman -- CSRF hardening in parts of the web interface

The late Tokio Kikuchi reported:

We may have to set lifetime for input forms because of recent activities on cross-site request forgery (CSRF). The form lifetime is successfully deployed in frameworks like web.py or plone etc. Proposed branch lp:~tkikuchi/mailman/form-lifetime implement lifetime in admin, admindb, options and edithtml interfaces. [...]

The web admin interface has been hardened against CSRF attacks by adding a hidden, encrypted token with a time stamp to form submissions and not accepting authentication by cookie if the token is missing, invalid or older than the new mm_cfg.py setting FORM_LIFETIME which defaults to one hour. Posthumous thanks go to Tokio Kikuchi for this implementation [...].


Discovery 2011-05-02
Entry 2016-09-06
mailman
< 2.1.15

https://bugs.launchpad.net/mailman/+bug/775294
https://launchpad.net/mailman/2.1/2.1.15
CVE-2016-7123
739948e3-78bf-11e8-b23c-080027ac955cmailman -- hardening against malicious listowners injecting evil HTML scripts

Mark Sapiro reports:

Existing protections against malicious listowners injecting evil scripts into listinfo pages have had a few more checks added.

A few more error messages have had their values HTML escaped.

The hash generated when SUBSCRIBE_FORM_SECRET is set could have been the same as one generated at the same time for a different list and IP address.


Discovery 2018-03-09
Entry 2018-06-25
mailman
< 2.1.27

mailman-with-htdig
< 2.1.27

ja-mailman
< 2.1.14.j7_5,1

https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS#L8
https://www.mail-archive.com/mailman-users@python.org/
CVE-2018-0618
9d7a2b54-4468-11ec-8532-0d24c37c72c8mailman -- 2.1.37 fixes XSS via user options, and moderator offline brute-force vuln against list admin password

Mark Sapiro reports:

A potential XSS attack via the user options page has been reported by Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401).

A potential for for a list moderator to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. CVE-2021-43332 (LP: #1949403)


Discovery 2021-11-01
Entry 2021-11-13
mailman
< 2.1.37

mailman-exim4
< 2.1.37

mailman-exim4-with-htdig
< 2.1.37

mailman-postfix
< 2.1.37

mailman-postfix-with-htdig
< 2.1.37

mailman-with-htdig
< 2.1.37

CVE-2021-43331
CVE-2021-43332
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1879/NEWS#L8
https://bugs.launchpad.net/mailman/+bug/1949401
https://bugs.launchpad.net/mailman/+bug/1949403
3d0eeef8-0cf9-11e8-99b0-d017c2987f9aMailman -- Cross-site scripting (XSS) vulnerability in the web UI

Mark Sapiro reports:

An XSS vulnerability in the user options CGI could allow a crafted URL to execute arbitrary javascript in a user's browser. A related issue could expose information on a user's options page without requiring login.


Discovery 2018-01-20
Entry 2018-02-08
mailman
< 2.1.26

mailman-with-htdig
< 2.1.26

ja-mailman
le 2.1.14.j7_3,1

https://www.mail-archive.com/mailman-users@python.org/msg70478.html
CVE-2018-5950