[Mailman-Announce] RELEASED: Mailman 2.1.9
Barry Warsaw
barry at python.org
Wed Sep 13 16:00:57 CEST 2006

On behalf of the GNU Mailman development team, I'm pleased to announce
GNU Mailman 2.1.9. This is primarily a security and bug fix release
and it is highly recommended that all sites upgrade to this version.
Mailman 2.1.9 also contains support for two new languages: Arabic and
Vietnamese.

Mailman is free software for managing email mailing lists and
e-newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.

For more information, including download links, please see:

http://www.list.org
http://mailman.sf.net
http://www.gnu.org/software/mailman

A more detailed change list is included below.

Enjoy,
-Barry

2.1.9 (12-Sep-2006)

  Security

    - A malicious user could visit a specially crafted URI and inject an
      apparent log message into Mailman's error log which might induce an
      unsuspecting administrator to visit a phishing site. This has been
      blocked. Thanks to Moritz Naumann for its discovery.

    - Fixed denial of service attack which can be caused by some
      standards-breaking RFC 2231 formatted headers. CVE-2006-2941.

    - Several cross-site scripting issues have been fixed. Thanks to Moritz
      Naumann for their discovery. CVE-2006-3636

    - Fixed an unexploitable format string vulnerability. Discovery and fix
      by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze.
      Also thanks go to Lionel Elie Mamane. CVE-2006-2191.

  Internationalization

    - New languages: Arabic, Vietnamese.

  Bug fixes and other patches

    - Fixed Decorate.py so that characters in message header/footer which
      are not in the character set of the list's language are ignored rather
      than causing shunted messages (1507248).

    - Switchboard.py - Closed very tiny holes at the upper ends of queue
      slices that could result in unprocessable queue entries. Improved FIFO
      processing when two queue entries have the same timestamp.