Patches for security issues in 2.1.9rc1
We'd like to create a patch on top of 2.1.8 for the security issues in 2.1.9rc1.
For the log injection vulnerability, we applied a diff of revisions 7822-7918 for Mailman/Utils.py from the Release_2_1-maint branch.
For CVE-2006-3636, we applied a diff of revisions 7975-8001 from the Release_2_1-maint branch.
What revisions contain the patch for CVE-2006-2941?
- Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
-- albert chin (china@thewrittenword.com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sep 10, 2006, at 4:25 AM, Albert Chin wrote:
What revisions contain the patch for CVE-2006-2941?
- Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
http://svn.sourceforge.net/viewvc/mailman?view=rev&revision=7959
- -Barry
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBRQV4FHEjvBPtnXfVAQJSMwP/XfkqiDL2B2IF3g4bF7yA1w3A/zdhNPdN 2bO+XP4HRnLk0/Ka+NpVVyt7si7aAV/vfK3eEyB2cV/rPEdaUtIAmosB8egHT6sN tTXl8shpZUT4q9mMxQxwUyHcQ/K+pC0HOVNfj7rk/lNFmSzF9BR274Jzx4aWkLbA /JRq/higSAc= =alO0 -----END PGP SIGNATURE-----
On Mon, Sep 11, 2006 at 10:52:03AM -0400, Barry Warsaw wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sep 10, 2006, at 4:25 AM, Albert Chin wrote:
What revisions contain the patch for CVE-2006-2941?
- Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
http://svn.sourceforge.net/viewvc/mailman?view=rev&revision=7959
Thanks!
-- albert chin (china@thewrittenword.com)
participants (2)
-
Albert Chin
-
Barry Warsaw