sync with lp:mailman/2.1 rev 1744 (2.1.26)

author: Yasuhito FUTATSUKI at POEM <futatuki@poem.co.jp> 2018-02-05 02:58:21 +0900
committer: Yasuhito FUTATSUKI at POEM <futatuki@poem.co.jp> 2018-02-05 02:58:21 +0900
commit: 042a223d0eb6240e2a5e843769be76b378ac08b3 (patch)
tree: e639d85523e7a27d292900140f244aedc48a1acd /NEWS
parent: 0627aae9ef10fb96adaaa0a27e10f314bf7ee61b (diff)
parent: efb0588b6eca8063fcefdd376335322db1cbb758 (diff)
download: mailman2-042a223d0eb6240e2a5e843769be76b378ac08b3.tar.gz
mailman2-042a223d0eb6240e2a5e843769be76b378ac08b3.tar.xz
mailman2-042a223d0eb6240e2a5e843769be76b378ac08b3.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index b1af8bfb..5f66485c 100644
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,15 @@ Copyright (C) 1998-2018 by the Free Software Foundation, Inc.
 
 Here is a history of user visible changes to Mailman.
 
-2.1.26 (xx-xxx-xxxx)
+2.1.26 (04-Feb-2018)
+
+  Security
+
+    - An XSS vulnerability in the user options CGI could allow a crafted URL
+      to execute arbitrary javascript in a user's browser.  A related issue
+      could expose information on a user's options page without requiring
+      login.  These are fixed.  Thanks to Calum Hutton for the report.
+      CVE-2018-5950  (LP: #1747209)
 
   New Features
author	Yasuhito FUTATSUKI at POEM <futatuki@poem.co.jp>	2018-02-05 02:58:21 +0900
committer	Yasuhito FUTATSUKI at POEM <futatuki@poem.co.jp>	2018-02-05 02:58:21 +0900
commit	042a223d0eb6240e2a5e843769be76b378ac08b3 (patch)
tree	e639d85523e7a27d292900140f244aedc48a1acd /NEWS
parent	0627aae9ef10fb96adaaa0a27e10f314bf7ee61b (diff)
parent	efb0588b6eca8063fcefdd376335322db1cbb758 (diff)
download	mailman2-042a223d0eb6240e2a5e843769be76b378ac08b3.tar.gz mailman2-042a223d0eb6240e2a5e843769be76b378ac08b3.tar.xz mailman2-042a223d0eb6240e2a5e843769be76b378ac08b3.zip