lp:ubuntu/gutsy-security/mailman
- Get this branch:
- bzr branch lp:ubuntu/gutsy-security/mailman
Branch merges
Branch information
Recent revisions
- 16. By Emanuele Gentili
-
debian/
patches/ 100_CVE- 2008-0564. dpatch: Readd erroneously removed code
line which caused the code to become invalid and the package to not be
installable. (LP: #202332) - 15. By Emanuele Gentili
-
* debian/control:
+ updated maintainer field
* SECURITY UPDATE:
+ debian/patches/ 100_CVE- 2008-0564. dpatch (LP: #199338)
- Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow
remote attackers to inject arbitrary web script or HTML via unspecified vectors related
to (1) editing templates and (2) the list's "info attribute" in the web administrator interface.
* References
+ http://cve.mitre. org/cgi- bin/cvename. cgi?name= CVE-2008- 0564
+ http://bugs.gentoo. org/show_ bug.cgi? id=208710 - 14. By Thijs Kinkhorst
-
[ Thijs Kinkhorst ]
* Added Portuguese debconf translation by Miguel Figueiredo
(Closes: #414365).
* Make sure Mailman can be properly purged (Closes: #421676).
* Remove obsolete upgrading code.
* Do not break upgrades in case python is temporarily unavailable
(Closes: #419563).[ Lionel Elie Mamane ]
* Avoid implicit-sort-on- load of indexes being converted to Unicode
(hopefully really closes: #412142 now) - 13. By Lionel Elie Mamane <email address hidden>
-
Upgrade subject and author indexes of _all_ archiving volumes to
Unicode strings. (completely closes: #412142) - 12. By Martin Pitt
-
* Merge from debian unstable, remaining changes:
- debian/control: exim4 -> postfix. - 11. By Martin Pitt
-
* Synchronize to Debian; remaining Ubuntu change:
- debian/control: exim4 -> postfix. - 10. By Martin Pitt
-
* SECURITY UPDATE: XSS.
* Add debian/patches/ security- CVE-2006- 3636-XSS. dpatch:
- Fix various cross-site scripting vulnerabilities.
- Patch backported from svn head, thanks to Barry Warsaw for preparing it.
- CVE-2006-3636
* Add debian/patches/ security- CVE-2006- 2941.dpatch:
- Scrubber.py: Do not bail out if emails' get_filename() throws a
ValueError. This has been properly fixed in the next upstream email
package (in Python core), but the fix is very intrusive. Thanks to Steve
Alexander for discovering this and for the proposed patch.
- CVE-2006-2941
- Closes: LP#49620
* Add debian/patches/ security- error_log. dpatch:
- Check characters in URL to prevent injecting bogus messages into
error_log.
- Patch taken from upstream SVN:
http://svn.sourceforge .net/viewvc/ mailman? view=rev& revision= 7918 - 9. By Martin Pitt
-
Merge new Debian revision; Debian adopted the init script and apache2
dependency fix, only remaining diff is the exim4->postfix dependency
change. - 8. By Martin Pitt
-
* Merge to Debian; remaining Ubuntu changes:
- debian/mailman. init: Create /var/{run, lock}/mailman.
- debian/control: exim4 -> postfix.
* debian/control: Dependency fix: apache -> apache2. - 7. By Martin Pitt
-
* Security update: Remote DoS.
* Add debian/patches/ 72_mime_ None_payload. dpatch:
- Do not crash if python's email module returns None for the payload of a
MIME part. This can happen for message/delivery- status or parts that
contain only two blank lines.
- See upstream bug reports and CVS patch:
https://sourceforge. net/tracker/ ?func=detail& atid=100103& aid=1430236& group_id= 103
https://sourceforge. net/tracker/ ?func=detail& atid=100103& aid=1099138& group_id= 103
http://cvs.sourceforge .net/viewcvs. py/mailman/ mailman/ Mailman/
Handlers/Scrubber. py?r1=2. 18.2.22& r2=2.18. 2.23&diff_ format= u
* CVE-2006-0052
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/mailman