[Mailman-Users] [Mailman-Announce] Mailman security patch.
mark at msapiro.net
Thu Sep 9 15:46:16 CEST 2010
On 9/4/2010 5:59 PM, Mark Sapiro wrote:
> I plan to release a Mailman 2.1.14 candidate release towards the end of
> next week (Sept 9 or 10). This release will have enhanced XSS defenses
> addressing two recently discovered vulnerabilities. Since release of the
> code will potentially expose the vulnerabilities, I plan to publish a
> patch against the 2.1.13 base with the fix before actually releasing the
> 2.1.14 candidate.
> I will post the patch to the same 4 lists that this post is being sent
> to in the early afternoon, GMT, on September 9.
> The vulnerabilities are obscure and can only be exploited by a list
> owner, but if you are concerned about them you can plan to install the
The patch is attached. Since it only affects the web CGIs, it can be
applied and will be effective without restarting Mailman, although since
it includes a patch to Utils.py which is imported by the qrunners, a
restart of Mailman is advisable as soon as convenient after applying the
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...