FreeBSD : mailman -- CSRF protection enhancements (b11ab01b-6e19-11e6-ab24-080027ef73ec)
Medium Nessus Plugin ID 93211
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionMark Sapiro reports :
CSRF protection has been extended to the user options page. This was actually fixed by Tokio Kikuchi as part of the fix for LP : #775294 and intended for Mailman 2.1.15, but that fix wasn't completely merged at the time. The full fix also addresses the admindb, and edithtml pages as well as the user options page and the previously fixed admin pages. Thanks to Nishant Agarwala for reporting the issue.
SolutionUpdate the affected package.