CVEs related to bugs in GNU Mailman

Open bugs

Bug CVE(s)
Bug #1913241: A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. CVE-2018-13796
GNU Mailman New, assigned to Abderrahmane Sahnoun

Resolved bugs

Bug CVE(s)
Bug #266190: Traceback in private.py after security patch CVE-2005-0202
GNU Mailman Invalid (unassigned)
Bug #558226: email.Utils.parsedate can return bogus date CVE-2005-4153
GNU Mailman Fix released (unassigned)
Bug #775294: Set lifetime for input forms CVE-2016-7123
GNU Mailman Fix released (unassigned)
Bug #1437145: Path traversal vulnerability exists in Mailman and can be exploited if Mailman's MTA is Exim. CVE-2015-2775
GNU Mailman Fix released, assigned to Mark Sapiro
Bug #1614841: CSRF protection needs to be extended to the user options page CVE-2011-0707
CVE-2016-6893
CVE-2016-7123
GNU Mailman Fix released, assigned to Mark Sapiro
Bug #1747209: XSS vulnerability and information leak in user options CGI CVE-2018-5950
GNU Mailman Fix released, assigned to Mark Sapiro
Bug #1780874: Arbitrary text injection vulnerability in Mailman CGIs CVE-2018-13796
GNU Mailman Fix released, assigned to Mark Sapiro
Bug #1873722: Arbitrary Content Injection via the options login page. CVE-2020-12108
GNU Mailman Fix released, assigned to Mark Sapiro
Bug #1877379: Arbitrary Content Injection via the private archive login page. CVE-2020-15011
GNU Mailman Fix released, assigned to Mark Sapiro
Bug #1886117: Scrubbed application/octet-stream parts should not have .obj extension CVE-2020-12137
GNU Mailman Fix released (unassigned)