Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 129136

Summary: net-mail/mailman XSS issues
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: bughunter, hanno, net-mail+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html
Whiteboard: B4 [noglsa] DerCorny
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-07 07:42:17 UTC 
Mailman 2.1.8rc1 was released for the final test of 2.1.8.

Important: This is not only a release candidate but also include a fix 
for a cross-site scripting bug found in 2.1.7.  All sites running 
previous versions are adviced to upgrade to 2.1.8(rc1).  I am going to 
release the final by the next weekend if nothing serious happens.
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-04-07 10:43:59 UTC 
net-mail, please provide fixed ebuilds, thank you. Do you want to wait for stable (B4 has a target  delay of 20days, btw)?
Comment 2 Tuan Van (RETIRED) gentoo-dev 2006-04-12 15:26:50 UTC 
net-mail team is not interested in maintain this package. It has a list of open bugs ( http://tinyurl.com/fhhet ) and we don't have enough man power to test it with every MTAs that mailman supports. Please find a new maintainer or package.mask --> remove it from the tree.

Best regards,
Tuan V.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-12 22:57:22 UTC 
core mailed about new maintainer.
Comment 4 Martin Holzer (RETIRED) gentoo-dev 2006-04-14 09:29:46 UTC 
*** Bug 124624 has been marked as a duplicate of this bug. ***
Comment 5 Martin Holzer (RETIRED) gentoo-dev 2006-04-14 09:51:17 UTC 
ebuild in cvs
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-15 00:40:49 UTC 
mholzer/hanno please update maintainer information in metadata.xml

Arches please test and mark mailman-2.1.8_rc1 stable.
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2006-04-15 08:18:12 UTC 
ppc stable
Comment 8 Jason Wever (RETIRED) gentoo-dev 2006-04-15 17:16:00 UTC 
Stable on SPARCenstein
Comment 9 Mark Loeser (RETIRED) gentoo-dev 2006-04-16 20:58:08 UTC 
x86 stable
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2006-04-28 12:20:20 UTC 
amd64 is late
Comment 11 Luis Medinas (RETIRED) gentoo-dev 2006-04-29 09:21:47 UTC 
amd64 done!
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-30 09:06:02 UTC 
This one is ready for GLSA decision. I tend to vote NO.
Comment 13 Stefan Cornelius (RETIRED) gentoo-dev 2006-04-30 15:36:02 UTC 
Voting no, too
Comment 14 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-05-01 01:57:55 UTC 
i tend to vote no
Comment 15 Thierry Carrez (RETIRED) gentoo-dev 2006-05-01 11:49:56 UTC 
Voting no and closing.