Mailman 2.1.26 Security release Feb 4, 2018
An XSS vulnerability in the Mailman 2.1 web UI has been reported and assigned CVE-2018-5950 which is not yet public.
I plan to release Mailman 2.1.26 along with a patch for older releases to fix this issue on Feb 4, 2018. At that time, full details of the vulnerability will be public.
This is advance notice of the upcoming release and patch for those that need a week or two to prepare. The patch will be small and only affect one module.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
I am pleased to announce the release of Mailman 2.1.26.
Python 2.4 is the minimum supported, but Python 2.7 is strongly recommended.
This is a security and bug fix release with a couple of new features. See the attached README.txt for details.
For those who are concerned about the security vulnerability and can't upgrade immediately, there is a patch at <https://bugs.launchpad.net/mailman/+bug/1747209/+attachment/5048344/+files/options.patch> to fix the security issue. More information on the issue itself is in the bug report at <https://bugs.launchpad.net/mailman/+bug/1747209>.
Mailman is free software for managing email mailing lists and e-newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites.
For more information, please see our web site at one of:
http://www.list.org
https://www.gnu.org/software/mailman
http://mailman.sourceforge.net/
https://mirror.list.org/
Mailman 2.1.26 can be downloaded from
https://launchpad.net/mailman/2.1/
https://ftp.gnu.org/gnu/mailman/
https://sourceforge.net/projects/mailman/
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan