MGASA-2016-0343

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0343.html

Import Source

https://advisories.mageia.org/MGASA-2016-0343.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2016-0343

Related

CVE-2016-6893

Published

2016-10-18T18:43:39Z

Modified

2026-02-04T02:29:03.945137Z

Summary

Updated mailman package fixes security vulnerability

Details

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account (CVE-2016-6893).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / mailman

Package

Name: mailman
Purl: pkg:rpm/mageia/mailman?arch=source&distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.20-3.mga5

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2016-0343.json"