I'm releasing Mailman 2.0.7 which fixes two potential, though obscure
security or denial-of-service attacks, along with a few other minor
bug fixes. Details:
- If you are running Python 1.5.2, it is possible for someone to
carefully craft some cookie data, and then trick Mailman into
accepting that data, that will crash your Python interpreter.
If you are not running Python 1.5.2, you should be invulnerable to
the crash, however it is still possible for someone to even more
carefully craft some cookie data that could cause arbitrary class
constructors to be executed on the server.
While I believe it is difficult to exploit this, Mailman 2.0.7
closes this hole completely, by disabling the Cookie.py module's
default unpickling of cookie data.
- It is possible that Mailman's bounce handler could receive a bounce
message that looked like a DSN report, but was incorrectly
formatted. Under Mailman 2.0.6's bounce detector, you would get a
traceback for a message that would never be removed from the queue,
thus potentially wedging your qrunner until the offending message
was manually deleted.
Mailman 2.0.7 fixes the DSN.py bounce detector.
There are a few other useful bug fixes in this release, described in
the NEWS excerpt below. I recommend anybody running a version of
Mailman up to, and including 2.0.6 to upgrade to 2.0.7.
I'm releasing this version only as a tarball -- no patch file is
provided at this time. As of this moment, only the SourceForge site
is up-to-date, although I expect www.list.org and www.gnu.org to
follow soon. The release information is available on SourceForge at:
and the file can be downloaded from:
-------------------- snip snip --------------------
- Closed a hole in cookie management whereby some carefully
crafted untrusted cookie data could crash Mailman if used with
Python 1.5.2, or cause some unintended class constructors to be
run on the server.
- In the DSN.py bounce handler, a message that was DSN-like, but
which was missing a "report-type" parameter could cause a
non-deletable bounce message to crash Mailman forever, requiring
- Stray % signs in headers and footers could cause crashes. Now
they'll just cause an [INVALID HEADER] or [INVALID FOOTER]
string to be added.
- The mail->news gateway has been made more robust in the face of
duplicate headers, and reserved headers that some news servers
reject. If the message is still rejected, it is saved in
$prefix/nntp instead of discarded.
- Hand-crafted invalid chunk number in membership management
display could cause a traceback.