CVE-2018-13796

Published: 12 July 2018

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
mailman Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Released (1:2.1.26-1ubuntu0.1)
	cosmic	Ignored (reached end-of-life)
	disco	Not vulnerable (1:2.1.27-1.1)
	eoan	Not vulnerable (1:2.1.27-1.1)
	focal	Not vulnerable (1:2.1.27-1.1)
	precise	Does not exist
	trusty	Does not exist (trusty was needs-triage)
	upstream	Released (1:2.1.27-1.1)
	xenial	Released (1:2.1.20-1ubuntu0.4)

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.