Fixed edgy:
mailman (1:2.1.8-2ubuntu2) edgy; urgency=low
.
* SECURITY UPDATE: XSS.
* Add debian/patches/security-CVE-2006-3636-XSS.dpatch:
- Fix various cross-site scripting vulnerabilities.
- Patch backported from svn head, thanks to Barry Warsaw for preparing it.
- CVE-2006-3636
* Add debian/patches/security-CVE-2006-2941.dpatch:
- Scrubber.py: Do not bail out if emails' get_filename() throws a
ValueError. This has been properly fixed in the next upstream email
package (in Python core), but the fix is very intrusive. Thanks to Steve
Alexander for discovering this and for the proposed patch.
- CVE-2006-2941
- Closes: LP#49620
* Add debian/patches/security-error_log.dpatch:
- Check characters in URL to prevent injecting bogus messages into
error_log.
- Patch taken from upstream SVN:
http://svn.sourceforge.net/viewvc/mailman?view=rev&revision=7918
stables fixed uploaded, pending build and publishing.
--
stops processing new mail for a list after receiving attachment with ' in
filename
https://launchpad.net/bugs/49620
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
