Comment 8 for bug 1614841

Revision history for this message
Mark Sapiro (msapiro) wrote :

CVE-2011-0707 is not related to this CSRF issue. It references an XSS vulnerability that was fixed in Mailman 2.1.15 and so noted in the changelog of that release at

CVE-2016-7123 is a new CVE that apparently just acknowledging the CSRF vulnerability in the admin interface that exists in Mailman prior to 2.1.15. See