[Pkg-mailman-hackers] Bug#244699: marked as done (Possible data loss in archives)

Debian Bug Tracking System owner at bugs.debian.org
Sun Dec 25 15:03:11 UTC 2005 

Your message dated Sun, 25 Dec 2005 06:47:10 -0800
with message-id <E1EqX9S-0001zP-E6 at spohr.debian.org>
and subject line Bug#244699: fixed in mailman 2.1.6-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 19 Apr 2004 12:58:54 +0000
>From bernhard at intevation.de Mon Apr 19 05:58:54 2004
Return-path: <bernhard at intevation.de>
Received: from aktaia.intevation.org (albunea.hq) [212.95.126.10] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BFYMP-0003D0-00; Mon, 19 Apr 2004 05:58:54 -0700
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Bernhard Reiter <bernhard at intevation.de>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: mailman: apply important fixes
Bcc: Bernhard Reiter <bernhard at intevation.de>
X-Mailer: reportbug 2.48
Date: Mon, 19 Apr 2004 14:59:30 +0200
Message-Id: <E1BFYMP-0003D0-00 at spohr.debian.org>
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_30,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 
X-CrossAssassin-Score: 1

Package: mailman
Version: 2.1.4-4
Severity: important
Tags: security

Mailman 2.1.4 has several important bugs:
	Security relevant: Mailman breaks message signatures
		           for S/MIME and OpenPGP cases.
			   This is a security problem, because
			   users will learn this and are more likely
			   to attribute real manipulation to Mailman
			   instead noticing them.

	Important, because data loss possible.:
	Mailman scrubs some text message parts under certain conditions
	when archiving.  The data cannot be seen in the HTML archive 
	and might also not be in the mbox archive, it is lost.

	Important: Mailman List-ID might violate the standard RFC.
	And the List-ID should not change much, users will be annoyed.

I wrote two patches and put them together with the third one on:
ftp.intevation.de/users/bernhard/mailman

(Each patch has its own description in the top
including the corresponding updstream bug numbers.)

Yes I am running this combination of patches successfully
with on a site with Debian (internal packaging name 2.1.4-4ber1).

	Bernhard


---------------------------------------
Received: (at 244699-close) by bugs.debian.org; 25 Dec 2005 14:51:56 +0000
>From katie at ftp-master.debian.org Sun Dec 25 06:51:56 2005
Return-path: <katie at ftp-master.debian.org>
Received: from katie by spohr.debian.org with local (Exim 4.50)
	id 1EqX9S-0001zP-E6; Sun, 25 Dec 2005 06:47:10 -0800
From: Lionel Elie Mamane <lmamane at debian.org>
To: 244699-close at bugs.debian.org
X-Katie: $Revision: 1.65 $
Subject: Bug#244699: fixed in mailman 2.1.6-1
Message-Id: <E1EqX9S-0001zP-E6 at spohr.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Sun, 25 Dec 2005 06:47:10 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 4

Source: mailman
Source-Version: 2.1.6-1

We believe that the bug you reported is fixed in the latest version of
mailman, which is due to be installed in the Debian FTP archive:

mailman_2.1.6-1.diff.gz
  to pool/main/m/mailman/mailman_2.1.6-1.diff.gz
mailman_2.1.6-1.dsc
  to pool/main/m/mailman/mailman_2.1.6-1.dsc
mailman_2.1.6-1_sparc.deb
  to pool/main/m/mailman/mailman_2.1.6-1_sparc.deb
mailman_2.1.6.orig.tar.gz
  to pool/main/m/mailman/mailman_2.1.6.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 244699 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lionel Elie Mamane <lmamane at debian.org> (supplier of updated mailman package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.7
Date: Sun, 25 Dec 2005 15:13:36 +0100
Source: mailman
Binary: mailman
Architecture: source sparc
Version: 2.1.6-1
Distribution: unstable
Urgency: low
Maintainer: Mailman for Debian <pkg-mailman-hackers at lists.alioth.debian.org>
Changed-By: Lionel Elie Mamane <lmamane at debian.org>
Description: 
 mailman    - Powerful, web-based mailing list manager
Closes: 244673 244699 311414 343029
Changes: 
 mailman (2.1.6-1) unstable; urgency=low
 .
   * The "Quick, quick, upload before upstream releases a new version" release
   * New upstream release: (closes: #311414)
     New release packaging work:
     - Drop patches integrated upstream (or same fix in another way):
       handle-from-in-non-ascii
       75_danish_options_traceback
       73_list-id_strict_rfc
       69_python24_bouncehandler_datetime
       65_donot_add_empty_cc
       57_fix_missing_da_template
       04_CAN-2005-0202
       03_CAN-2004-1143
       02_CAN-2004-1177_driver_css
     - Upstream doesn't ship README.{EXIM,POSTFIX} anymore: Drop their patch
     - Update patches
        62_new_list_bad_pending_requests
        64_correct_html_nesting
        68_translation_update_nl
        70_invalid_utf8_dos.dpatch
        99_js_templates
     Bugs fixed upstream:
     - Possible data loss in archives (closes: #244699)
   * Don't fold headers in attachments (closes: #244673)
     This avoids breaking cryptographic signatures
   * Warn that list passwords are broken on upgrade from 2.0 (closes: #343029)
Files: 
 e4e6456ba10c6f8d94c289e7762397c4 738 mail optional mailman_2.1.6-1.dsc
 4e0f9d09c1553bd1a0a5327052179ca2 6482726 mail optional mailman_2.1.6.orig.tar.gz
 addf55484dbf9bfc0b021c34d51d4560 191965 mail optional mailman_2.1.6-1.diff.gz
 079b89ff0bce69bd023d284c393133a1 7676726 mail optional mailman_2.1.6-1_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iEYEAREDAAYFAkOurwMACgkQscRzFz57S3N6LgCdEzLr9woAqN8XVRIDiqFHUaCB
IRkAoMFLc0rUlql5rcrGrTS1dKRQjgGp
=qh14
-----END PGP SIGNATURE-----

More information about the Pkg-mailman-hackers mailing list