-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sep 13, 2006, at 10:10 AM, Ralf Hildebrandt wrote:
> The download link on http://www.gnu.org/software/mailman/download.html
> pointing to http://www.list.org/mailman.tar.gz doesn't work.
>
> The download link on http://www.gnu.org/software/mailman/download.html
> pointing to http://ftp.gnu.org/gnu/mailman/
> lacks 2.1.9
Due to a recent server move and bandwidth cap, we can no longer
provide tarball downloads from list.org. Also, because of gnu.org's
ftp upload procedure, it sometimes lags behind SourceForge. Your
best bet immediately is to get it from SF.
I've updated the download.html page to explain these issues.
Thanks,
- -Barry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBRQgYT3EjvBPtnXfVAQLWqgQAth4R8JC313TxhXlNBx1maJiYZWJVA9Qg
6IUmlhrAetCFHzIWArXDKncLE+s85iOJg24eFroiQwGTw3a7tcNMkaG1vCa++E7R
bl4phJ2BB0xnpDi0lKe/f5Wt8ewjNEuUwLDFImFFJguKZEMl+4RUrHo9awL19R/K
HLqaksjmCeU=
=UyOs
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the GNU Mailman development team, I'm please to announce
GNU Mailman 2.1.9. This is primarily a security and bug fix release
and it is highly recommended that all sites upgrade to this version.
Mailman 2.1.9 also contains support for two new languages: Arabic and
Vietnamese.
Mailman is free software for managing email mailing lists and e-
newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.
For more information, including download links, please see:
http://www.list.orghttp://mailman.sf.nethttp://www.gnu.org/software/mailman
A more detailed change list is included below.
Enjoy,
- -Barry
2.1.9 (12-Sep-2006)
Security
- A malicious user could visit a specially crafted URI and
inject an
apparent log message into Mailman's error log which might
induce an
unsuspecting administrator to visit a phishing site. This has
been
blocked. Thanks to Moritz Naumann for its discovery.
- Fixed denial of service attack which can be caused by some
standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
- Several cross-site scripting issues have been fixed. Thanks
to Moritz
Naumann for their discovery. CVE-2006-3636
- Fixed an unexploitable format string vulnerability. Discovery
and fix
by Karl Chen. Analysis of non-exploitability by Martin 'Joey'
Schulze.
Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
Internationalization
- New languages: Arabic, Vietnamese.
Bug fixes and other patches
- Fixed Decorate.py so that characters in message header/footer
which
are not in the character set of the list's language are
ignored rather
than causing shunted messages (1507248).
- Switchboard.py - Closed very tiny holes at the upper ends of
queue
slices that could result in unprocessable queue entries.
Improved FIFO
processing when two queue entries have the same timestamp.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBRQgPGnEjvBPtnXfVAQIVoQP/R2DffgpcPMzUrsef+ZEcYUeuQ1mOcol2
Z2+iQiHkCx6SP2B/NzOzqMQybvQAAe/TzJWzcfqDDoDDdF+vhJH+kkQIuRwHc5jd
+TDF1NOUBegTyxQnoyCHVQddcVNMg9HTTkdwHuvE8MhP1gNuHEnefxf2wbf5+hRq
h5/qlBiANn0=
=VCTA
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Mailman development team, I'm happy to announce the
release of Mailman 2.1.9 release candidate 1. This is primarily a
bug fix and security release, although it also contains two new
languages: Arabic and Vietnamese.
This version is not yet recommended for production environments,
however testing and feedback is greatly encouraged. My plan is to
release 2.1.9 final by 10-Sep-2006. A more detailed list of changes
will be included in the final release announcement.
Mailman 2.1.9rc1.tgz is available from SourceForge:
https://sourceforge.net/project/showfiles.php?group_id=103
Translators: If you have any language updates you'd like to see in
2.1.9 final, please commit them now or send them to me.
Enjoy,
- -Barry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBRPnRyXEjvBPtnXfVAQKuLAP/aUjiZEelQy/oObIadsrhVl9YzP9dcbfE
jK1rJuGQsB7VKHe2X/uQWuaAy95pxhNwo/j/N9qtTaSjlZvjTC74E8WboxJmCemf
A+azXWgaVY/C3L+HDneqFGBVZLXkKg+4IfxmKPALcEs88jHGzOpvlnuZEVzpyaon
bOYFooMqc3c=
=NWI4
-----END PGP SIGNATURE-----