RELEASED: Mailman 2.1.9

Barry Warsaw barry at python.org
Wed Sep 13 16:00:57 CEST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On behalf of the GNU Mailman development team, I'm pleased to announce
Mailman 2.1.9.  This is primarily a security and bug fix release and
it is highly recommended that all sites upgrade to this version.
Mailman 2.1.9 also contains support for two new languages: Arabic and
Vietnamese.

Mailman is free software, written primarily in Python, for managing  
email mailing lists and e-newsletters.  It is licensed under the  
GPL.  Mailman is used for all the python.org and SourceForge.net  
mailing lists, as well as at hundreds of other sites.

For more information, including download links, please see:

	http://www.list.org
	http://mailman.sf.net
	http://www.gnu.org/software/mailman

A more detailed change list is included below.

Enjoy,
- -Barry

2.1.9 (12-Sep-2006)

    Security

      - A malicious user could visit a specially crafted URI and inject an
        apparent log message into Mailman's error log which might induce an
        unsuspecting administrator to visit a phishing site.  This has been
        blocked.  Thanks to Moritz Naumann for its discovery.

      - Fixed denial of service attack which can be caused by some
        standards-breaking RFC 2231 formatted headers.  CVE-2006-2941.

      - Several cross-site scripting issues have been fixed.  Thanks to Moritz
        Naumann for their discovery.  CVE-2006-3636

      - Fixed an unexploitable format string vulnerability.  Discovery and fix
        by Karl Chen.  Analysis of non-exploitability by Martin 'Joey' Schulze.
        Also thanks go to Lionel Elie Mamane.  CVE-2006-2191.

    Internationalization

      - New languages: Arabic, Vietnamese.

    Bug fixes and other patches

      - Fixed Decorate.py so that characters in message header/footer which
        are not in the character set of the list's language are ignored rather
        than causing shunted messages (1507248).

      - Switchboard.py - Closed very tiny holes at the upper ends of queue
        slices that could result in unprocessable queue entries.  Improved FIFO
        processing when two queue entries have the same timestamp.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

-----END PGP SIGNATURE-----

