[Mailman-Announce] Mailman security patch.
mark at msapiro.net
Sun Sep 5 02:59:21 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
I plan to release a Mailman 2.1.14 candidate release towards the end of
next week (Sept 9 or 10). This release will have enhanced XSS defenses
addressing two recently discovered vulnerabilities. Since release of the
code will potentially expose the vulnerabilities, I plan to publish a
patch against the 2.1.13 base with the fix before actually releasing the
I will post the patch to the same 4 lists that this post is being sent
to in the early afternoon, GMT, on September 9.
The vulnerabilities are obscure and can only be exploited by a list
owner, but if you are concerned about them you can plan to install the
The patch is small (34 line diff), only affects two modules and doesn't
require a Mailman restart to be effective, although I would recommend a
restart as soon as convenient after applying the patch.
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
-----END PGP SIGNATURE-----
More information about the Mailman-announce