[Pkg-mailman-hackers] Re: New mailman security update
Lionel Elie Mamane
lionel at mamane.lu
Wed Sep 20 08:51:14 UTC 2006
On Tue, Sep 19, 2006 at 07:48:42PM +0200, Martin Schulze wrote:
> Moritz Muehlenhoff wrote:
>> On Tue, Sep 12, 2006 at 10:31:43AM +0200, Lionel Elie Mamane wrote:
>>> I prepared a security update for Mailman, available from
>>> http://people.debian.org/~lmamane/mailman/; the fixes are
>>> backported from Mailman 2.1.9rc1 :
>>> mailman (2.1.5-8sarge5) stable-security; urgency=high
>>> * Security update: log injection
>>> CVE-UNKNOWN-TODO
>> This one's CVE-2006-4624
> Ah, good to know.
> Lionel, mind using these packages for the update?
> http://klecker.debian.org/~joey/security/mailman/
The changes I see are:
- reverted the configure script change that crept in.
- filled in CVE number in changelog and in patch comments
- change filename of the patch to CVE number
As such, they are fine and you can use them for the update.
--
Lionel
More information about the Pkg-mailman-hackers
mailing list