[Mailman-Announce] RELEASED: Mailman 2.1.9
barry at python.org
Wed Sep 13 16:00:57 CEST 2006
On behalf of the GNU Mailman development team, I'm pleased to announce
GNU Mailman 2.1.9. This is primarily a security and bug fix release
and it is highly recommended that all sites upgrade to this version.
Mailman 2.1.9 also contains support for two new languages: Arabic and

Mailman is free software for managing email mailing lists and e-
newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.

For more information, including download links, please see:

A more detailed change list is included below.

- A malicious user could visit a specially crafted URI and
  apparent log message into Mailman's error log which might
  unsuspecting administrator to visit a phishing site. This has
  blocked. Thanks to Moritz Naumann for its discovery.
- Fixed denial of service attack which can be caused by some
  standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
- Several cross-site scripting issues have been fixed. Thanks
  Naumann for their discovery. CVE-2006-3636
- Fixed an unexploitable format string vulnerability. Discovery
  by Karl Chen. Analysis of non-exploitability by Martin 'Joey'
  Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
- New languages: Arabic, Vietnamese.

Bug fixes and other patches

- Fixed Decorate.py so that characters in message header/footer
  are not in the character set of the list's language are
  than causing shunted messages (1507248).
- Switchboard.py - Closed very tiny holes at the upper ends of
  slices that could result in unprocessable queue entries.
  processing when two queue entries have the same timestamp.