[Mailman-Developers] Patches in mandriva package
????
tkikuchi at is.kochi-u.ac.jp
Tue Sep 12 12:38:36 CEST 2006
Tokio Kikuchi wrote:
> ToDigest.send_digests() can block regular delivery. We put the
> send_digests() calling part in a try/except clause and leave a message
> in the error log if something happened in send_digests(). Daily call of
> cron/senddigests will provide more detail to the site administrator.
I noticed this may lead to yet another DoS for digest delivery. The
malicious (non-compliant MIME) message may cause other digest deliveries
to stop as long as the malicious message remains in the digest.mbox
file. I created a patch for this situation and uploaded in the patch
area of SF:
http://sourceforge.net/tracker/index.php?func=detail&aid=1556858&group_id=103&atid=300103
I think I will commit in the Release-2.1-maint branch and include in the
2.1.9 final release. I appreciate anyone can review the patch.
At this point of writing, I should note 2.1.9(rc1) has no known
vulnerablities by which this patch is required.
--
Tokio Kikuchi tkikuchi@ is.kochi-u.ac.jp
http://weather.is.kochi-u.ac.jp/
More information about the Mailman-Developers
mailing list