On behalf of the GNU Mailman development team, I'm pleased to announce
Mailman 2.1.9. This is primarily a security and bug fix release and
it is highly recommended that all sites upgrade to this version.

Mailman 2.1.9 also contains support for two new languages: Arabic and
Vietnamese.

Mailman is free software for managing email mailing lists and
e-newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.

For more information, including download links, please see:

http://www.list.org
http://mailman.sf.net
http://www.gnu.org/software/mailman

A more detailed change list is included below.

Enjoy,
-Barry

2.1.9 (12-Sep-2006)

Security

- A malicious user could visit a specially crafted URI and inject an
  apparent log message into Mailman's error log which might induce an
  unsuspecting administrator to visit a phishing site. This has been
  blocked. Thanks to Moritz Naumann for its discovery.

- Fixed denial of service attack which can be caused by some
  standards-breaking RFC 2231 formatted headers. CVE-2006-2941.

- Several cross-site scripting issues have been fixed. Thanks to Moritz
  Naumann for their discovery. CVE-2006-3636

- Fixed an unexploitable format string vulnerability. Discovery and fix
  by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze.
  Also thanks go to Lionel Elie Mamane. CVE-2006-2191.

Internationalization

- New languages: Arabic, Vietnamese.

Bug fixes and other patches

- Fixed Decorate.py so that characters in message header/footer which
  are not in the character set of the list's language are ignored rather
  than causing shunted messages (1507248).

- Switchboard.py - Closed very tiny holes at the upper ends of queue
  slices that could result in unprocessable queue entries. Improved FIFO
  processing when two queue entries have the same timestamp.

_______________________________________________
GNU Announcement mailing list <info-gnu@gnu.org>
http://lists.gnu.org/mailman/listinfo/info-gnu