Accepted mailman 1:2.1.8-2ubuntu2 (source)
Martin Pitt
martin.pitt at ubuntu.com
Tue Sep 12 21:55:12 BST 2006
Accepted:
OK: mailman_2.1.8-2ubuntu2.dsc
-> Component: main Section: mail
OK: mailman_2.1.8-2ubuntu2.diff.gz
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 12 Sep 2006 21:29:14 +0200
Source: mailman
Binary: mailman
Architecture: source
Version: 1:2.1.8-2ubuntu2
Distribution: edgy
Urgency: low
Maintainer: Mailman for Debian <pkg-mailman-hackers at lists.alioth.debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
mailman - Powerful, web-based mailing list manager
Changes:
mailman (1:2.1.8-2ubuntu2) edgy; urgency=low
.
* SECURITY UPDATE: XSS.
* Add debian/patches/security-CVE-2006-3636-XSS.dpatch:
- Fix various cross-site scripting vulnerabilities.
- Patch backported from svn head, thanks to Barry Warsaw for preparing it.
- CVE-2006-3636
* Add debian/patches/security-CVE-2006-2941.dpatch:
- Scrubber.py: Do not bail out if emails' get_filename() throws a
ValueError. This has been properly fixed in the next upstream email
package (in Python core), but the fix is very intrusive. Thanks to Steve
Alexander for discovering this and for the proposed patch.
- CVE-2006-2941
- Closes: LP#49620
* Add debian/patches/security-error_log.dpatch:
- Check characters in URL to prevent injecting bogus messages into
error_log.
- Patch taken from upstream SVN:
http://svn.sourceforge.net/viewvc/mailman?view=rev&revision=7918
Files:
18b19ec027f1cfb6c6042488ed74fc0f 815 mail optional mailman_2.1.8-2ubuntu2.dsc
137cd017cee84001e51f4b0cd3a8573a 200526 mail optional mailman_2.1.8-2ubuntu2.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFBwrMDecnbV4Fd/IRAnD6AKD51V30uBeDlzFkOhaOuIC+9OIiHACdGC1v
wzQ7b7u9bcX2GPZVeUa4plE=
=z4iS
-----END PGP SIGNATURE-----
More information about the edgy-changes
mailing list