129136 – net-mail/mailman XSS issues

Bug 129136 - net-mail/mailman XSS issues

Summary: net-mail/mailman XSS issues

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://mail.python.org/pipermail/mail...
Whiteboard:	B4 [noglsa] DerCorny
Keywords:

Duplicates (1):	124624 (view as bug list)
Depends on:
Blocks:

Reported:	2006-04-07 07:42 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2006-05-01 11:49 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-04-07 07:42:17 UTC

Mailman 2.1.8rc1 was released for the final test of 2.1.8.

Important: This is not only a release candidate but also include a fix 
for a cross-site scripting bug found in 2.1.7.  All sites running 
previous versions are adviced to upgrade to 2.1.8(rc1).  I am going to 
release the final by the next weekend if nothing serious happens.

Comment 1 Stefan Cornelius (RETIRED) gentoo-dev

2006-04-07 10:43:59 UTC

net-mail, please provide fixed ebuilds, thank you. Do you want to wait for stable (B4 has a target  delay of 20days, btw)?

Comment 2 Tuan Van (RETIRED) gentoo-dev

2006-04-12 15:26:50 UTC

net-mail team is not interested in maintain this package. It has a list of open bugs ( http://tinyurl.com/fhhet ) and we don't have enough man power to test it with every MTAs that mailman supports. Please find a new maintainer or package.mask --> remove it from the tree.

Best regards,
Tuan V.

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-04-12 22:57:22 UTC

core mailed about new maintainer.

Comment 4 Martin Holzer (RETIRED) gentoo-dev

2006-04-14 09:29:46 UTC

*** Bug 124624 has been marked as a duplicate of this bug. ***

Comment 5 Martin Holzer (RETIRED) gentoo-dev

2006-04-14 09:51:17 UTC

ebuild in cvs

Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-04-15 00:40:49 UTC

mholzer/hanno please update maintainer information in metadata.xml

Arches please test and mark mailman-2.1.8_rc1 stable.

Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev

2006-04-15 08:18:12 UTC

ppc stable

Comment 8 Jason Wever (RETIRED) gentoo-dev

2006-04-15 17:16:00 UTC

Stable on SPARCenstein

Comment 9 Mark Loeser (RETIRED) gentoo-dev

2006-04-16 20:58:08 UTC

x86 stable

Comment 10 Thierry Carrez (RETIRED) gentoo-dev

2006-04-28 12:20:20 UTC

amd64 is late

Comment 11 Luis Medinas (RETIRED) gentoo-dev

2006-04-29 09:21:47 UTC

amd64 done!

Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-04-30 09:06:02 UTC

This one is ready for GLSA decision. I tend to vote NO.

Comment 13 Stefan Cornelius (RETIRED) gentoo-dev

2006-04-30 15:36:02 UTC

Voting no, too

Comment 14 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2006-05-01 01:57:55 UTC

i tend to vote no

Comment 15 Thierry Carrez (RETIRED) gentoo-dev

2006-05-01 11:49:56 UTC

Voting no and closing.