GNU Mailman Multiple Remote Vulnerabilities
Debian Linux has released an updated advisory DSA 674-3 along with updated fixes dealing with these and other issues. For more information, please see the referenced advisory.
Ubuntu has released an advisory called USN-59-1 to address these issues for Ubuntu Linux. Please see the referenced advisory for further information.
Gentoo Linux has released advisory GLSA 200501-29 to address these issues. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"
Please see the referenced advisory for further information.
Mandrake Linux has released advisory MDKSA-2005:015 along with fixes dealing with this issue. Please see the referenced advisory for more information.
SuSE Linux has released a security summary report (SUSE-SR:2005:002) that contains fixes to address this and other vulnerabilities. SuSE Linux has also released advisory SUSE-SA:2005:007 to supersede the earlier advisory
Debian Linux has released an advisory (DSA 674-1) dealing with this issue. Please see the reference section for more information.
Debian Linux has released a second advisory (DSA 674-2). Apparently the first advisory failed to properly fix all of the issues. The fixes provided with the second advisory must be applied to packages fixed with the set of fixes released with the first advisory. Please see the reference section for more information.
Red Hat has released advisory RHSA-2005:235-05 to address the cross-site scripting issue (CAN-2004-1177). Please see the referenced advisory for more information.
GNU Mailman 2.0.11
GNU Mailman 2.0.13
GNU Mailman 2.1.1
GNU Mailman 2.1.2
GNU Mailman 2.1.4
GNU Mailman 2.1.5