FAQ   Search   Memberlist  
Profile    Log in to check your private messages    Register    Log in
[SECURITY] 20k Update 2005-03-22: mailman-2.1.5-10.fc2

 
Post new topic   Reply to topic    BLAG Forum Index -> announcements
View previous topic :: View next topic  
Author Message
mike_m
PostPosted: Wed Mar 23, 2005 5:30 am    Post subject: [SECURITY] 20k Update 2005-03-22: mailman-2.1.5-10.fc2 Reply with quote

———————————————————————
Fedora Update Notification
FEDORA-2005-241
2005-03-22
———————————————————————

Product : Fedora Core 2
Name : mailman
Version : 2.1.5
Release : 10.fc2
Summary : Mailing list manager with built in Web access.
Description :
Mailman is software to help manage email discussion lists, much like
Majordomo and Smartmail. Unlike most similar products, Mailman gives
each mailing list a webpage, and allows users to subscribe,
unsubscribe, etc. over the Web. Even the list manager can administer
his or her list entirely from the Web. Mailman also integrates most
things people want to do with mailing lists, including archiving, mail
< -> news gateways, and so on.

Documentation can be found in: /usr/share/doc/mailman-2.1.5

When the package has finished installing, you will need to perform some
additional installation steps, these are described in:
/usr/share/doc/mailman-2.1.5/INSTALL.REDHAT

———————————————————————
Update Information:

A cross-site scripting (XSS) flaw in the driver script of mailman
prior to version 2.1.5 could allow remote attackers to execute scripts
as other web users. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1177 to this issue.

Users of mailman should update to this erratum package, which corrects
this issue by turning on STEALTH_MODE by default and using
Utils.websafe() to quote the html.

———————————————————————
* Mon Mar 21 2005 John Dennis - 3:2.1.5-10.fc2

- fix bug #147833, CAN-2004-1177

* Mon Feb 14 2005 John Dennis - 3:2.1.5-9.fc2

- fix bug #147856, moderator -1 admin requests pending

* Tue Feb 8 2005 John Dennis - 3:2.1.5-8.fc2

- fix security vulnerability CAN-2005-0202, errata RHSA-2005:136, bug #147343

———————————————————————
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

898fb9a008e82e26614d157bc6178244 SRPMS/mailman-2.1.5-10.fc2.src.rpm
69e2626ff50b3a1c71ef758a3724a5bb x86_64/mailman-2.1.5-10.fc2.x86_64.rpm
9aa5111f6bd88033bebfc67d329b7679 x86_64/debug/mailman-debuginfo-2.1.5-10.fc2.x86_64.rpm
2bb2085fd024b45215d43d0c17dc05f4 i386/mailman-2.1.5-10.fc2.i386.rpm
088c601b4fd076b933128a398810f7b7 i386/debug/mailman-debuginfo-2.1.5-10.fc2.i386.rpm

Display posts from previous:   
Post new topic   Reply to topic    BLAG Forum Index -> announcements
Page 1 of 1

Protected by Anti-Spam ACP