RELEASED: Mailman 2.1.9
barry at python.org
Wed Sep 13 16:00:57 CEST 2006
On behalf of the GNU Mailman development team, I'm pleased to announce
Mailman 2.1.9. This is primarily a security and bug fix release and
it is highly recommended that all sites upgrade to this version.

Mailman 2.1.9 also contains support for two new languages: Arabic and

Mailman is free software, written primarily in Python, for managing
email mailing lists and e-newsletters. It is licensed under the
GPL. Mailman is used for all the python.org and SourceForge.net
mailing lists, as well as at hundreds of other sites.

For more information, including download links, please see:

A more detailed change list is included below.

- A malicious user could visit a specially crafted URI and
apparent log message into Mailman's error log which might
unsuspecting administrator to visit a phishing site. This
blocked. Thanks to Moritz Naumann for its discovery.
- Fixed denial of service attack which can be caused by some
standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
- Several cross-site scripting issues have been fixed. Thanks
Naumann for their discovery. CVE-2006-3636
- Fixed an unexploitable format string vulnerability. Discovery and fix
by Karl Chen. Analysis of non-exploitability by Martin
Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
- New languages: Arabic, Vietnamese.
Bug fixes and other patches
- Fixed Decorate.py so that characters in message header/
are not in the character set of the list's language are
than causing shunted messages (1507248).
- Switchboard.py - Closed very tiny holes at the upper ends of
slices that could result in unprocessable queue entries.
processing when two queue entries have the same timestamp.