Hot on the heels of Mailman 2.0.7, I'm now releasing 2.0.8 which fixes several cross-site scripting security holes, and a few other minor bug fixes. More information on cross-site scripting exploits in general can be found at
I recommend that anybody running a version of Mailman up to and including 2.0.7 upgrade to version 2.0.8.
I've made both full source tarballs and patches available. Actually, patches going all the way back to 2.0 are now available on SourceForge. See
for links to download all the patches and the source tarball. If you decide to install the patches, please do read the release notes first:
Currently the SourceForge and www.list.org sites are up-to-date, and I expect the gnu.org site to be updated soon.
See also:
I've also included links on the FAQ page to the Mailman FAQ wizard. Thanks everybody for contributing good entries! (I may do some reorg when I get a chance.) See the FAQ wizard at
Cheers, -Barry
-------------------- snip snip --------------------
2.0.8 (27-Nov-2001)
Security fix release to prevent cross-site scripting exploits.
See http://www.cert.org/advisories/CA-2000-02.html for a
description of the general problem (not Mailman specific).

What was the fix for the "Error decoding authorization cookie" error?? (cvs patched 2.06 >> 2.08)
On Tuesday 27 November 2001 11:31 pm, you wrote:
Hot on the heels of Mailman 2.0.7, I'm now releasing 2.0.8 which fixes several cross-site scripting security holes, and a few other minor bug fixes. More information on cross-site scripting exploits in general can be found at

I only see this error in the 2.07 release with KDE's "Konqueror". Has it gone away in MM 2.08 ??
- oliver
What was the fix for the "Error decoding authorization cookie" error?? (cvs patched 2.06 >> 2.08)
On Tuesday 27 November 2001 11:31 pm, you wrote:
Hot on the heels of Mailman 2.0.7, I'm now releasing 2.0.8 which fixes several cross-site scripting security holes, and a few other minor bug fixes. More information on cross-site scripting exploits in general can be found at
Mailman-Users maillist - Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users

False alarm - it was Konqueror - No problem w/ opera or netscape
On Wednesday 28 November 2001 08:47 am, you wrote:
I only see this error in the 2.07 release with KDE's "Konqueror". Has it gone away in MM 2.08 ??
- oliver
What was the fix for the "Error decoding authorization cookie" error?? (cvs patched 2.06 >> 2.08)

"C" == Camel <camel@lrllamas.com> writes:
C> False alarm - it was Konqueror - No problem w/ opera or
C> netscape
Mailman 2.0.x uses a slightly non-standard cookie format, which I suspect -- but don't know for sure -- is the problem with Konqueror. I've verified that Mailman 2.1 + Konq 2.1.1 works just fine.

"Error decoding authorization cookie" As soon as Konqueror tries to read the authorization cookie. Only tested for MM 2.07 (yet) and all relevant versions of Konqueror. Konqueror 2.2.2 (KDE 2.2.2) inclusive. In MM 2.06 the problem didn't exist.
Opera, Netscape, Mozilla, MS-Explorer and Lynx are working pretty good with MM 2.07. I will try MM 2.08 as time permits.
regards Oliver
"C" == Camel <camel@lrllamas.com> writes:
C> False alarm - it was Konqueror - No problem w/ opera or
C> netscape
Mailman 2.0.x uses a slightly non-standard cookie format, which I suspect -- but don't know for sure -- is the problem with Konqueror. I've verified that Mailman 2.1 + Konq 2.1.1 works just fine.

Quoting Oliver Egginger (Oliver.Egginger@dvz.fh-giessen.de):
"Error decoding authorization cookie" As soon as Konqueror tries to read the authorization cookie.
I have the same problem in Konqueror. Deleting the cookie out of the cookie manager didn't help. Neither did logging off and logging back in. I now have to use Mozilla for mailman stuff, while using Konq for everything else.
This started soon after switching from Mailman 1.1 to Mailman 2.0.7.
--
Paul Tomblin <ptomblin@xcski.com>, not speaking for anybody
"I picked up a Magic 8-Ball the other day and it said 'Outlook not so good.' I said, 'Sure, but Microsoft still ships it.'" - unk.

"OE" == Oliver Egginger <Oliver.Egginger@dvz.fh-giessen.de> writes:
OE> "Error decoding authorization cookie" As soon as Konqueror tries
OE> to read the authorization cookie. Only tested for MM 2.07
OE> (yet) and all relevant versions of Konqueror. Konqueror 2.2.2
OE> (KDE 2.2.2) inclusive. In MM 2.06 the problem didn't exist.
OE> Opera, Netscape, Mozilla, MS-Explorer and Lynx are working
OE> pretty good with MM 2.07. I will try MM 2.08 as time permits.
I've posted before about the interop problems with Konq and MM2.0.8 (check the archives). These should all be cleared up with MM2.1.
I will note that I've seen quite a few regressions with Mozilla 0.9.7 Linux. Moz 0.9.6 seemed to work very well, but I've noticed two problems with the latest release.
Moz seems to have problems with the mass subscribe forms, which AFAICT differ from other forms only in that it has an `enctype="multipart/form-data"' attribute on the <FORM> tag. Submitting either the mass subscribe or mass remove forms just hangs. This worked fine in Moz 0.9.6 and works fine w/ NS, and Konq.
Moz 0.9.7 seems to ignore https and other encrypted connections. The lil' lock icon never locks! This doesn't affect MM directly, although it certainly affects sites like SF which use SSL.
I haven't reported these to the Mozilla group yet, and I'm also wondering if anybody else has noticed these problems.

In article <15365.1301.182637.627419@anthem.wooz.org>, Barry A. Warsaw <barry@zope.com> wrote:
"C" == Camel <camel@lrllamas.com> writes:
C> False alarm - it was Konqueror - No problem w/ opera or
C> netscape
Mailman 2.0.x uses a slightly non-standard cookie format, which I suspect -- but don't know for sure -- is the problem with Konqueror. I've verified that Mailman 2.1 + Konq 2.1.1 works just fine.
Richard Torrens
4QD manufacture speed controllers for battery electric motors.
www sites http://www.4QD.co.uk http://www.4QDtec.com http://www.4QD.org
All email addresses are copyright. Resale or use on any lists is expressly forbidden
---------- We use a RISC PC 32 bit RISC computer ----------------