[Mailman-Announce] RELEASED: Mailman 2.1.9

Barry Warsaw barry at python.org
Wed Sep 13 16:00:57 CEST 2006


On behalf of the GNU Mailman development team, I'm pleased to announce
GNU Mailman 2.1.9.  This is primarily a security and bug fix release
and it is highly recommended that all sites upgrade to this version.
Mailman 2.1.9 also contains support for two new languages: Arabic and
Vietnamese.

Mailman is free software for managing email mailing lists and
e-newsletters.  Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.

For more information, including download links, please see:

	http://www.list.org
	http://mailman.sf.net
	http://www.gnu.org/software/mailman

A more detailed change list is included below.

Enjoy,
-Barry

2.1.9 (12-Sep-2006)

   Security

     - A malicious user could visit a specially crafted URI and inject an
       apparent log message into Mailman's error log which might induce an
       unsuspecting administrator to visit a phishing site.  This has been
       blocked.  Thanks to Moritz Naumann for its discovery.

     - Fixed denial of service attack which can be caused by some
       standards-breaking RFC 2231 formatted headers.  CVE-2006-2941.

     - Several cross-site scripting issues have been fixed.  Thanks to Moritz
       Naumann for their discovery.  CVE-2006-3636

     - Fixed an unexploitable format string vulnerability.  Discovery and fix
       by Karl Chen.  Analysis of non-exploitability by Martin 'Joey' Schulze.
       Also thanks go to Lionel Elie Mamane.  CVE-2006-2191.

   Internationalization

     - New languages: Arabic, Vietnamese.

   Bug fixes and other patches

     - Fixed Decorate.py so that characters in message header/footer which
       are not in the character set of the list's language are ignored rather
       than causing shunted messages (1507248).

     - Switchboard.py - Closed very tiny holes at the upper ends of queue
       slices that could result in unprocessable queue entries.  Improved FIFO
       processing when two queue entries have the same timestamp.
