[Mailman-Developers] Security patch and Mailman 2.1.20 to be released on 31 March

Mark Sapiro mark at msapiro.net
Fri Mar 27 22:42:44 CET 2015

A security vulnerability in Mailman has been found and fixed. It has
been assigned CVE-2015-2775. The details of this vulnerability and fix
will be announced next Tuesday, 31 March 2015, at which time both a
patch for this specific vulnerability and Mailman 2.1.20 will be released.

In addition to this security fix, Mailman 2.1.20 includes a new feature
allowing a list owner to change a list member's address through the
admin Membership Management... Section, and a couple of minor bug fixes.

The new feature is a fix for <https://launchpad.net/bugs/266809>.

The bugs fixed are: <https://launchpad.net/bugs/1426825>,
<https://launchpad.net/bugs/1426829> and

The security vulnerability, the details of which are currently private,
is <https://launchpad.net/bugs/1437145>.

The security vulnerability only affects those installations which use
Exim, Postfix's postfix_to_mailman.py or similar programmatic (not
aliases) MTA delivery to Mailman, and have untrusted local users on the
Mailman server.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20150327/4cb9322e/attachment.sig>

More information about the Mailman-Developers mailing list