[Pkg-mailman-hackers] Re: [Secure-testing-team] Tracking: security problems fixed by Mailman 2.1.9

Moritz Naumann bugs.debian.org at moritz-naumann.com
Mon Oct 2 19:03:46 UTC 2006


On Tue Sep 12 14:23:22 UTC 2006, Alec Berryman wrote:
> Lionel Elie Mamane on 2006-09-12 10:18:32 +0200:
> 
>> The following security problems will be fixed by the upload of Mailman
>> 2.1.9, if and when we upload it:
>> 
>>     - A malicious user could visit a specially crafted URI and inject an
>>       apparent log message into Mailman's error log which might induce an
>>       unsuspecting administrator to visit a phishing site.  This has been
>>       blocked.  Thanks to Moritz Naumann for its discovery.
> 
> Does this one have a CVE or an upstream identification number?  

This would be
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4624

Thanks to everyone working on the Mailman package generally and on a
patch for the pre-2.1.9rc1 security issues for Etch especially.

Moritz


