From barry at python.org Sat Sep 2 20:47:32 2006 From: barry at python.org (Barry Warsaw) Date: Sat, 2 Sep 2006 14:47:32 -0400 Subject: [Mailman-Announce] RELEASED Mailman 2.1.9 release candidate 1 Message-ID: <243CCA3B-B7E9-42E4-9D67-A24E7AC91154@python.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On behalf of the Mailman development team, I'm happy to announce the release of Mailman 2.1.9 release candidate 1. This is primarily a bug fix and security release, although it also contains two new languages: Arabic and Vietnamese. This version is not yet recommended for production environments, however testing and feedback is greatly encouraged. My plan is to release 2.1.9 final by 10-Sep-2006. A more detailed list of changes will be included in the final release announcement. Mailman 2.1.9rc1.tgz is available from SourceForge: https://sourceforge.net/project/showfiles.php?group_id=103 Translators: If you have any language updates you'd like to see in 2.1.9 final, please commit them now or send them to me. Enjoy, - -Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iQCVAwUBRPnRyXEjvBPtnXfVAQKuLAP/aUjiZEelQy/oObIadsrhVl9YzP9dcbfE jK1rJuGQsB7VKHe2X/uQWuaAy95pxhNwo/j/N9qtTaSjlZvjTC74E8WboxJmCemf A+azXWgaVY/C3L+HDneqFGBVZLXkKg+4IfxmKPALcEs88jHGzOpvlnuZEVzpyaon bOYFooMqc3c= =NWI4 -----END PGP SIGNATURE----- From barry at python.org Wed Sep 13 16:00:57 2006 From: barry at python.org (Barry Warsaw) Date: Wed, 13 Sep 2006 10:00:57 -0400 Subject: [Mailman-Announce] RELEASED: Mailman 2.1.9 Message-ID: <8538763C-6FBD-49CD-A252-E1A5991F1837@python.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On behalf of the GNU Mailman development team, I'm please to announce GNU Mailman 2.1.9. This is primarily a security and bug fix release and it is highly recommended that all sites upgrade to this version. Mailman 2.1.9 also contains support for two new languages: Arabic and Vietnamese. Mailman is free software for managing email mailing lists and e- newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites. For more information, including download links, please see: http://www.list.org http://mailman.sf.net http://www.gnu.org/software/mailman A more detailed change list is included below. Enjoy, - -Barry 2.1.9 (12-Sep-2006) Security - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery. - Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941. - Several cross-site scripting issues have been fixed. Thanks to Moritz Naumann for their discovery. CVE-2006-3636 - Fixed an unexploitable format string vulnerability. Discovery and fix by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze. Also thanks go to Lionel Elie Mamane. CVE-2006-2191. Internationalization - New languages: Arabic, Vietnamese. Bug fixes and other patches - Fixed Decorate.py so that characters in message header/footer which are not in the character set of the list's language are ignored rather than causing shunted messages (1507248). - Switchboard.py - Closed very tiny holes at the upper ends of queue slices that could result in unprocessable queue entries. Improved FIFO processing when two queue entries have the same timestamp. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iQCVAwUBRQgPGnEjvBPtnXfVAQIVoQP/R2DffgpcPMzUrsef+ZEcYUeuQ1mOcol2 Z2+iQiHkCx6SP2B/NzOzqMQybvQAAe/TzJWzcfqDDoDDdF+vhJH+kkQIuRwHc5jd +TDF1NOUBegTyxQnoyCHVQddcVNMg9HTTkdwHuvE8MhP1gNuHEnefxf2wbf5+hRq h5/qlBiANn0= =VCTA -----END PGP SIGNATURE----- From barry at python.org Wed Sep 13 16:40:15 2006 From: barry at python.org (Barry Warsaw) Date: Wed, 13 Sep 2006 10:40:15 -0400 Subject: [Mailman-Announce] [Mailman-Users] RELEASED: Mailman 2.1.9 In-Reply-To: <20060913141006.GY6362@charite.de> References: <8538763C-6FBD-49CD-A252-E1A5991F1837@python.org> <20060913141006.GY6362@charite.de> Message-ID: <97F683C1-578A-4E1E-98E0-8FD90A115DB5@python.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sep 13, 2006, at 10:10 AM, Ralf Hildebrandt wrote: > The download link on http://www.gnu.org/software/mailman/download.html > pointing to http://www.list.org/mailman.tar.gz doesn't work. > > The download link on http://www.gnu.org/software/mailman/download.html > pointing to http://ftp.gnu.org/gnu/mailman/ > lacks 2.1.9 Due to a recent server move and bandwidth cap, we can no longer provide tarball downloads from list.org. Also, because of gnu.org's ftp upload procedure, it sometimes lags behind SourceForge. Your best bet immediately is to get it from SF. I've updated the download.html page to explain these issues. Thanks, - -Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iQCVAwUBRQgYT3EjvBPtnXfVAQLWqgQAth4R8JC313TxhXlNBx1maJiYZWJVA9Qg 6IUmlhrAetCFHzIWArXDKncLE+s85iOJg24eFroiQwGTw3a7tcNMkaG1vCa++E7R bl4phJ2BB0xnpDi0lKe/f5Wt8ewjNEuUwLDFImFFJguKZEMl+4RUrHo9awL19R/K HLqaksjmCeU= =UyOs -----END PGP SIGNATURE-----