Hello Devs. mailman 2.1.24 has been released in June. An updated ebuild would be cool. thanks and cheers t. Reproducible: Always
Thank you for the bump request. You can help the maintainer with further information: Does a simple bump [1] work on your system? Chances are high, because a first look at the bump revealed only small changes. [1] https://wiki.gentoo.org/wiki/Custom_repository#Simple_version_bump_of_an_ebuild_in_the_local_overlay
This is actually a security update fixing an XSS. It's likely minor and according to upstream unexploitable in common settings (e.g. apache). Probably no GLSA, but we should still handle it. From the release notes: - A most likely unexploitable XSS attack that relies on the Mailman web server passing a crafted Host: header to the CGI environment has been fixed. Apache for one is not vulnerable. Thanks to Alqnas Eslam.
Thank you Hanno, @Maintainers please let us know when the new version is available to stabilize. Gentoo Security Padawan ChrisADR
I am the maintainer :-) Please go ahead with stabilization.
Great :) @Arches, please test and mark stable. Gentoo Security Padawan ChrisADR
amd64 tested, ok. PS: At the moment sourceforge is offline, i.e. I had to change SRC_URI to https://launchpad.net/mailman mirror manually.
ppc stable
x86 stable
amd64 stable. Maintainer(s), please cleanup. Security, please vote.
GLSA Vote: No
@maintainer(s), can the vulnerable version (2.1.23) please be cleaned?
Can we please bump to 2.1.25 while we are on it?
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a457bf8f1e829aa4afbe6217c059c3ed6796720
commit 4a457bf8f1e829aa4afbe6217c059c3ed6796720
Author: Mikle Kolyada <zlogene@gentoo.org>
AuthorDate: 2018-01-19 15:44:38 +0000
Commit: Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2018-01-19 15:44:38 +0000
    net-mail/mailman: Drop old (insecure) version
    Bug: https://bugs.gentoo.org/629090
    Package-Manager: Portage-2.3.19, Repoman-2.3.6
 net-mail/mailman/Manifest | 1 -
 net-mail/mailman/mailman-2.1.23.ebuild | 167 ---------------------------------
 2 files changed, 168 deletions(-)
Done