9 Sep
2006
9 Sep
'06
2:09 p.m.
Hello.
I'm the mailman maintainer for mandriva Linux. I'm currently upgrading 2.1.8 to 2.1.9rc1, due to the recent security fixes therein.
I'd like to use this occasion to drop a maximum of patches we still have: patch to its authors ?
- is 2.1.9 still vulnearble to CVE-2005-3573 ? I didn't found any reference to it in the release notes, and the patch [1] still apply
- the default build procedure is not suited to package building: it check target directory directly (which doesn't exist), and leave reference to package build root in python bytecode files. The patches [2] and [3] fixes those issues, maybe they could get integrated.
- we have a patch for the embeded email module that just fix an encoding name [4]. I didn't found reference to a website or a standalone distribution of this module elsewhere. Could you please transmit the
[1] CVE-2005-3573 fix: http://cvs.mandriva.com/cgi-bin/viewvc.cgi/SPECS/mailman/mailman-2.1.6-CVE-2... [2] buildroot references in bytecode fix: http://cvs.mandriva.com/cgi-bin/viewvc.cgi/SPECS/mailman/mailman-2.1.6-CVE-2... [3] buildroot check fix: http://cvs.mandriva.com/cgi-bin/viewvc.cgi/SPECS/mailman/mailman-buildroot-c...