RELEASED: Mailman 2.1.9
Barry Warsaw
barry at python.org
Wed Sep 13 16:00:57 CEST 2006
On behalf of the GNU Mailman development team, I'm pleased to announce
Mailman 2.1.9. This is primarily a security and bug fix release and
it is highly recommended that all sites upgrade to this version.
Mailman 2.1.9 also contains support for two new languages: Arabic and
Vietnamese.

Mailman is free software, written primarily in Python, for managing
email mailing lists and e-newsletters. It is licensed under the
GPL. Mailman is used for all the python.org and SourceForge.net
mailing lists, as well as at hundreds of other sites.

For more information, including download links, please see:

http://www.list.org
http://mailman.sf.net
http://www.gnu.org/software/mailman

A more detailed change list is included below.

Enjoy,
-Barry

2.1.9 (12-Sep-2006)

Security

- A malicious user could visit a specially crafted URI and inject an
  apparent log message into Mailman's error log which might induce an
  unsuspecting administrator to visit a phishing site. This has been
  blocked. Thanks to Moritz Naumann for its discovery.

- Fixed denial of service attack which can be caused by some
  standards-breaking RFC 2231 formatted headers. CVE-2006-2941.

- Several cross-site scripting issues have been fixed. Thanks to Moritz
  Naumann for their discovery. CVE-2006-3636

- Fixed an unexploitable format string vulnerability. Discovery and fix
  by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze.
  Also thanks go to Lionel Elie Mamane. CVE-2006-2191.

Internationalization

- New languages: Arabic, Vietnamese.

Bug fixes and other patches

- Fixed Decorate.py so that characters in message header/footer which
  are not in the character set of the list's language are ignored rather
  than causing shunted messages (1507248).

- Switchboard.py - Closed very tiny holes at the upper ends of queue
  slices that could result in unprocessable queue entries. Improved FIFO
  processing when two queue entries have the same timestamp.

More information about the Python-announce-list
mailing list