Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-7123

Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.

Related bugs and status

CVE-2016-7123 (Candidate) is related to these bugs:

Bug #775294: Set lifetime for input forms

Summary				In	Importance	Status
	775294	Set lifetime for input forms		GNU Mailman	Undecided	Fix Released

Bug #1614841: CSRF protection needs to be extended to the user options page

Summary				In	Importance	Status
	1614841	CSRF protection needs to be extended to the user options page		GNU Mailman	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.launchpad...
BID: 92732
SECTRACK: 1037160