Mailman-i18n August 2016

Download

mailman-i18n@python.org

2 participants
2 discussions

Mailman 2.1.23 release and fix for CVE-2016-6893
by Mark Sapiro 27 Aug '16

27 Aug '16

I am pleased to announce the release of Mailman 2.1.23. Python 2.4 is the minimum supported, but Python 2.7 is strongly recommended. This release contains a fix for CVE-2016-6893 which is also attached here as a patch. It also has new features, a few i18n updates and some bug fixes. See the attached README for details. Mailman is free software for managing email mailing lists and e-newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites. For more information, please see our web site at one of: http://www.list.org http://www.gnu.org/software/mailman http://mailman.sourceforge.net/ http://mirror.list.org/ Mailman 2.1.23 can be downloaded from https://launchpad.net/mailman/2.1/ http://ftp.gnu.org/gnu/mailman/ https://sourceforge.net/projects/mailman/ -- Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan

2 3

Imminent release of a Mailman security fix.
by Mark Sapiro 19 Aug '16

19 Aug '16

There is a CSRF vulnerability associated with the user options page. This could conceivably allow an attacker to obtain a user's password. This is reported at <https://bugs.launchpad.net/mailman/+bug/1614841>. I have developed a fix which is a small patch to two modules. I plan to release Mailman 2.1.23 with this and other fixes on Saturday, Aug 27 and also to post at the same time the patch which can be applied stand-alone. Neither the bug report nor the fix reveals much detail about the attack, but to allay any concern, I'm delaying the release for a week to allow people to plan for installation of at least the patch at the time of release. -- Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan

1 0