Bug 1171363 - (CVE-2020-12108) VUL-1: CVE-2020-12108: mailman: arbitrary content injection in options.py
(CVE-2020-12108)
VUL-1: CVE-2020-12108: mailman: arbitrary content injection in options.py
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/259135/
CVSSv3.1:SUSE:CVE-2020-12108:4.3:(AV...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-05-07 12:18 UTC by Alexandros Toptsoglou
Modified: 2020-10-27 14:13 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Alexandros Toptsoglou 2020-05-07 12:20:27 UTC
Tracked as affected: 

SLE10-SP3
SLE11
SLE12
Comment 2 OBSbugzilla Bot 2020-05-12 13:20:11 UTC
This is an autogenerated message for OBS integration:
This bug (1171363) was mentioned in
https://build.opensuse.org/request/show/802968 15.1 / mailman
Comment 4 Swamp Workflow Management 2020-05-15 19:14:45 UTC
openSUSE-SU-2020:0661-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1171363,682920
CVE References: CVE-2020-12108
Sources used:
openSUSE Leap 15.1 (src):    mailman-2.1.29-lp151.3.11.1
Comment 5 Swamp Workflow Management 2020-05-29 13:35:42 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2020-06-12.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64460
Comment 6 Swamp Workflow Management 2020-06-03 13:16:38 UTC
openSUSE-SU-2020:0764-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1171363,682920
CVE References: CVE-2020-12108
Sources used:
openSUSE Backports SLE-15-SP1 (src):    mailman-2.1.29-bp151.5.9.1
Comment 7 Marcus Meissner 2020-07-25 06:49:34 UTC
released
Comment 8 OBSbugzilla Bot 2020-10-16 21:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1171363) was mentioned in
https://build.opensuse.org/request/show/842196 15.2 / mailman
Comment 9 OBSbugzilla Bot 2020-10-17 11:30:06 UTC
This is an autogenerated message for OBS integration:
This bug (1171363) was mentioned in
https://build.opensuse.org/request/show/842285 15.2 / mailman
Comment 10 Swamp Workflow Management 2020-10-22 16:18:35 UTC
openSUSE-SU-2020:1707-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1171363,1173369
CVE References: CVE-2020-12108,CVE-2020-12137,CVE-2020-15011
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    mailman-2.1.34-lp152.7.3.1
Comment 11 Swamp Workflow Management 2020-10-27 14:13:59 UTC
openSUSE-SU-2020:1752-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1171363,1173369
CVE References: CVE-2020-12108,CVE-2020-12137,CVE-2020-15011
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    mailman-2.1.34-bp152.7.3.1