Changelog
mailman (2.1.5-8ubuntu2.3) breezy-security; urgency=low
* SECURITY UPDATE: XSS and remote DoS.
* Add debian/patches/security-CVE-2006-3636-XSS.dpatch:
- Fix various cross-site scripting vulnerabilities.
- Patch backported from svn head, thanks to Barry Warsaw for preparing it.
- CVE-2006-3636
* Add debian/patches/security-CVE-2006-2941.dpatch:
- Scrubber.py: Do not bail out if emails' get_filename() throws a
ValueError. This has been properly fixed in the next upstream email
package (in Python core), but the fix is very intrusive. Thanks to Steve
Alexander for discovering this and for the proposed patch.
- CVE-2006-2941
- Closes: LP#49620
* Add debian/patches/security-error_log.dpatch:
- Check characters in URL to prevent injecting bogus messages into
error_log.
- Patch taken from upstream SVN:
http://svn.sourceforge.net/viewvc/mailman?view=rev&revision=7918
-- Martin Pitt <email address hidden> Tue, 12 Sep 2006 20:36:47 +0000