[Pkg-mailman-hackers] Bug#358892: Mailman DoS CVE-2006-0052, debbug #358892
Steve Kemp
skx at debian.org
Wed Mar 29 19:57:55 UTC 2006
On Wed, Mar 29, 2006 at 09:44:35PM +0200, Lionel Elie Mamane wrote:
> (Please don't hijack old threads about different issues, in particular
> not without changing the subject line.)
Sorry, it wasn't intentional.
> Sid and etch are not vulnerable; problem was fixed in upstream 2.1.6;
> etch contains 2.1.7-1; it was fixed in sid (without even realising it)
> with the upload of 2.1.6-1 on Sun, 25 Dec 2005.
OK.
> Please take this opportunity to retroactively add to the changelog of
> 2.1.5-8sarge1 that the
>
> * Don't die on overflow in date handling, which could lead to a DoS
> attack (closes: #326024)
>
> is CVE-2005-4153.
>
> Also add (closes: #358892) to your changelog entry.
Alright. I'll update the changelog and upload to the queue now.
Thanks for the updated advisory text.
Steve
--