December 20, 2001

Debian security: DSA-094 mailman

Author: JT Smith

From "Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables.

These have been fixed upstream in version 2.0.8, and the relevant patches have been backported to version 1.1-10 in Debian."


  • Linux
Click Here!