[Mailman-Users] how to avoid mailmanSite list creation
Julian C. Dunn
Julian_Dunn at cbc.ca
Fri Aug 19 19:04:25 CEST 2005
On Fri, 2005-08-19 at 12:56 -0400, John Dennis wrote:
> > As far as I know, Novell has backported all security fixes in 2.1.6 into
> > the SLES 9 2.1.4 Mailman. Please correct me if I'm wrong (and I hope I'm
> > not, because that's the Mailman we're planning on installing)
> >
>
> I don't track Novell's patches, but these are the two CVE's you want to
> make sure are fixed, look to see if the release notes include them.
>
> CAN-2005-0202
> CAN-2004-1177
>
> Of the two of them, CAN-2005-0202 is the most important.
Yep, they are (in the mailman-2.1.4-83.13 RPM):
* Thu Feb 10 2005 - rommel at suse.de
- added mailman-2.1.5-dirtraversal.patch [bug #50563, CAN-2005-0202]
* Wed Jan 12 2005 - rommel at suse.de
- added mailman-weak-password.diff [bug #49468, CAN-2004-1144]
- added mailman-CAN-2004-1177.patch [bug #49468, CAN-2004-1177]
- added mailman-2.1.4-avoid-headerfolding-python21.diff [bug #45355]
- Julian
--
-- Julian C. Dunn, B.A.Sc, P.Eng. <Julian_Dunn at cbc.ca>
-- Platform Administrator, CBC.ca Production & Operations
-- Office: 2C310-Q * Tel.: (416) 205-3311 x5592
More information about the Mailman-Users
mailing list