[Mailman-Developers] Re: [Mailman-Announce] RELEASE Mailman 2.0.7
Roy Harvey
roy@lamrim.com
Thu, 15 Nov 2001 18:48:33 -0800
Barry --
Thanks for the update, I haven't pulled the newest version, but wanted to
alert you to a possible bug:
List-Help: <mailto:lamrim-request@lamrim.com?subject=help>
List-Post: <mailto:lamrim@lamrim.com>
List-Subscribe: <http://www.lamrim.com/mailman/listinfo/lamrim>,
<mailto:lamrim-request@lamrim.com?subject=subscribe>
List-Id: Lam Rim Radio Mailing List <lamrim.lamrim.com>
List-Unsubscribe: <http://www.lamrim.com/mailman/listinfo/lamrim>,
<mailto:lamrim-request@lamrim.com?subject=unsubscribe>
List-Archive: <http://www.lamrim.com/mailman/private//lamrim/>
Please note the last line URL with the double "/" after private.
Thanks again for the great software!
Roy
At 05:41 PM 11/9/01 -0500, you wrote:
>
>Hi all,
>
>I'm releasing Mailman 2.0.7 which fixes two potential, though obscure
>security or denial-of-service attacks, along with a few other minor
>bug fixes. Details:
>
>- If you are running Python 1.5.2, it is possible for someone to
> carefully craft some cookie data, and then trick Mailman into
> accepting that data, that will crash your Python interpreter.
>
> If you are not running Python 1.5.2, you should be invulnerable to
> the crash, however it is still possible for someone to even more
> carefully craft some cookie data that could cause arbitrary class
> constructors to be executed on the server.
>
> While I believe it is difficult to exploit this, Mailman 2.0.7
> closes this hole completely, by disabling the Cookie.py module's
> default unpickling of cookie data.
>
>- It is possible that Mailman's bounce handler could receive a bounce
> message that looked like a DSN report, but was incorrectly
> formatted. Under Mailman 2.0.6's bounce detector, you would get a
> traceback for a message that would never be removed from the queue,
> thus potentially wedging your qrunner until the offending message
> was manually deleted.
>
> Mailman 2.0.7 fixes the DSN.py bounce detector.
>
>There are a few other useful bug fixes in this release, described in
>the NEWS excerpt below. I recommend anybody running a version of
>Mailman up to, and including 2.0.6 to upgrade to 2.0.7.
>
>I'm releasing this version only as a tarball -- no patch file is
>provided at this time. As of this moment, only the SourceForge site
>is up-to-date, although I expect www.list.org and www.gnu.org to
>follow soon. The release information is available on SourceForge at:
>
> http://sourceforge.net/project/shownotes.php?release_id=60758
>
>and the file can be downloaded from:
>
>
http://sourceforge.net/project/showfiles.php?group_id=103&release_id=60758
>
>See also:
>
> http://www.gnu.org/software/mailman
> http://www.list.org
> http://mailman.sf.net
>
>Cheers
>-Barry
>
>-------------------- snip snip --------------------
>2.0.7 (09-Nov-2001)
>
> Security fixes:
>
> - Closed a hole in cookie management whereby some carefully
> crafted untrusted cookie data could crash Mailman if used with
> Python 1.5.2, or cause some unintended class constructors to be
> run on the server.
>
> - In the DSN.py bounce handler, a message that was DSN-like, but
> which was missing a "report-type" parameter could cause a
> non-deletable bounce message to crash Mailman forever, requiring
> manual intervention.
>
> Bug fixes:
>
> - Stray % signs in headers and footers could cause crashes. Now
> they'll just cause an [INVALID HEADER] or [INVALID FOOTER]
> string to be added.
>
> - The mail->news gateway has been made more robust in the face of
> duplicate headers, and reserved headers that some news servers
> reject. If the message is still rejected, it is saved in
> $prefix/nntp instead of discarded.
>
> - Hand-crafted invalid chunk number in membership management
> display could cause a traceback.
>
>
>_______________________________________________
>Mailman-announce mailing list
>Mailman-announce@python.org
>http://mail.python.org/mailman/listinfo/mailman-announce
>
>