[Mailman-Developers] [Mailman-Users] any info on this reported exploit?
Tokio Kikuchi
tkikuchi at is.kochi-u.ac.jp
Tue Jan 31 02:37:25 CET 2006
Tokio Kikuchi wrote:
>> http://www.securityfocus.com/bid/16248/discuss
>> GNU Mailman Large Date Data Denial Of Service Vulnerability
>> GNU Mailman is prone to a denial of service attack. This issue affects
>> the
>> email date parsing functionality of Mailman.
(snip)
>> 06.3.18 CVE: CVE-2005-4153
(snip)
>
> Mailman-2.1.7 is not vulnerable to this issue.
>
We may have to patch against this email package parsedate bug.
I've just uploaded a patch on SF tracker. Please someone review this
before I commit in the CVS (this weekend, maybe).
https://sourceforge.net/tracker/?func=add&group_id=103&atid=300103
Cheers,
--
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
http://weather.is.kochi-u.ac.jp/
More information about the Mailman-Developers
mailing list