-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200302-05 - - --------------------------------------------------------------------- PACKAGE : mailman SUMMARY : cross site scripting DATE : 2003-02-17 09:16 UTC EXPLOIT : remote - - --------------------------------------------------------------------- The email variable and the default error page in mailmain 2.1 contains cross site scripting vulnerabilities. Read the full advisory at: http://marc.theaimsgroup.com/?l=bugtraq&m=104342745916111&w=2 SOLUTION It is recommended that all Gentoo Linux users who are running net-mail/mailman upgrade to mailman-2.1.1 as follows: emerge sync emerge -u mailman emerge clean - - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+UKiNfT7nyhUpoZMRAuI2AJ9wnFfMKTXwBVyFnMLASs6SGuZggwCeKdgj k2lHmZN7hAxMFTM7ilmS974= =S96x -----END PGP SIGNATURE-----
