On Wed, 20 Sep 2006 15:10:03 +0000 (UTC)
Lubomir Sedlacik <salo Xtrmntr.org> wrote:
> The following reply was made to PR pkg/34567; it has been noted by
> GNATS.
>
> From: Lubomir Sedlacik <salo Xtrmntr.org>
> To: gnats-bugs NetBSD.org
> Cc:
> Subject: Re: pkg/34567: [update] mail/mailman (security fixes)
> Date: Wed, 20 Sep 2006 17:08:39 +0200
>
> On Wed, Sep 20, 2006 at 02:00:01PM +0000, Martin Wilke wrote:
> > >Synopsis: [update] mail/mailman (security fixes)
> > >Description:
> > Update to 2.1.9
> >
> > Changes:
> > Security
> >
> > - A malicious user could visit a specially crafted URI and
> >   inject an apparent log message into Mailman's error log which
> >   might induce an unsuspecting administrator to visit a phishing
> >   site. This has been blocked. Thanks to Moritz Naumann for its
> >   discovery.
> >
> > - Fixed denial of service attack which can be caused by some
> >   standards-breaking RFC 2231 formatted headers.
> >   CVE-2006-2941.
> >
> > - Several cross-site scripting issues have been fixed. Thanks
> >   to Moritz Naumann for their discovery. CVE-2006-3636
> >
> > - Fixed an unexploitable format string vulnerability.
> >   Discovery and fix by Karl Chen. Analysis of non-exploitability
> >   by Martin 'Joey' Schulze. Also thanks go to Lionel Elie Mamane.
> >   CVE-2006-2191.
>
> all these fixes are already included in pkgsrc, with the 2.1.9rc1
> update.
Doh sorry my tree is too old :(
>
> > Internationalization
> >
> > - New languages: Arabic, Vietnamese.
> >
> > Bug fixes and other patches
> >
> > - Fixed Decorate.py so that characters in message
> >   header/footer which are not in the character set of the list's
> >   language are ignored rather than causing shunted messages
> >   (1507248).
> >
> > - Switchboard.py - Closed very tiny holes at the upper ends of
> >   queue slices that could result in unprocessable queue entries.
> >   Improved FIFO processing when two queue entries have the same
> >   timestamp.
>
> are there actually _any_ differences to 2.1.9rc1?
> your patch is against an older version, too.
>
Yes, here is a new patch
http://people.freebsd.org/~miwi/netbsd/mailman.diff
>
> regards,
- Martin
>
> --
> -- Lubomir Sedlacik <salo {NetBSD,Xtrmntr,silcnet}.org> --