Ubuntu
mailman package

lp:ubuntu/hoary-security/mailman

Hoary (5.04)
hoary-security

Created by James Westby on 2009-08-05 and last modified on 2009-08-05

Get this branch:: bzr branch lp:ubuntu/hoary-security/mailman

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Development

Recent revisions

5. By Martin Pitt on 2006-09-12: * SECURITY UPDATE: XSS.
* Add debian/patches/security-CVE-2006-3636-XSS.dpatch:
  - Fix various cross-site scripting vulnerabilities.
  - Patch backported from svn head, thanks to Barry Warsaw for preparing it.
  - CVE-2006-3636
* Add debian/patches/security-CVE-2006-2941.dpatch:
  - Scrubber.py: Do not bail out if emails' get_filename() throws a
    ValueError. This has been properly fixed in the next upstream email
    package (in Python core), but the fix is very intrusive. Thanks to Steve
    Alexander for discovering this and for the proposed patch.
  - CVE-2006-2941
  - Closes: LP#49620
* Add debian/patches/security-error_log.dpatch:
  - Check characters in URL to prevent injecting bogus messages into
    error_log.
  - Patch taken from upstream SVN:
    http://svn.sourceforge.net/viewvc/mailman?view=rev&revision=7918
4. By Martin Pitt on 2006-04-03: * Security update: Remote DoS.
* Add debian/patches/72_mime_None_payload.dpatch:
  - Do not crash if python's email module returns None for the payload of a
    MIME part. This can happen for message/delivery-status or parts that
    contain only two blank lines.
  - See upstream bug reports and CVS patch:
    https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1430236&group_id=103
    https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1099138&group_id=103
    http://cvs.sourceforge.net/viewcvs.py/mailman/mailman/Mailman/
    Handlers/Scrubber.py?r1=2.18.2.22&r2=2.18.2.23&diff_format=u
* CVE-2006-0052
3. By Martin Pitt on 2006-01-16: * SECURITY UPDATE: Remote DoS.
* Add debian/patches/70_invalid_utf8_dos.dpatch:
  - Do not crash on attachment filenames with invalid UTF-8 encoded name.
  - Thanks to Lionel Elie Mamane <email address hidden> for preparing the
    patch.
  - CVE-2005-3573
* Add debian/patches/71_invalid_date_dos.dpatch:
  - Do not crash on mails with specially crafted dates which generate an
    OverflowError exception.
  - CVE-2005-4153
2. By Tollef Fog Heen <email address hidden> on 2005-02-16: * Brown bag release -- use '/' instead of the undefined SLASH in
Cgi/private.py. (closes: #294874)
* Handle the case of non-ascii chars in realname. (closes: #293861)
* Fix up typo in cron script (closes: #284311)
* Use head -n 1 instead of cat for getting the mailname out of
/etc/mailname. (closes: #287636)
1. By Matthias Klose <email address hidden> on 2004-10-11: Import upstream version 2.1.5

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/karmic/mailman

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubuntumailman package