[Pkg-mailman-hackers] Re: [Secure-testing-team] Tracking: security problems fixed by Mailman 2.1.9
Moritz Naumann
bugs.debian.org at moritz-naumann.com
Mon Oct 2 19:03:46 UTC 2006
On Tue Sep 12 14:23:22 UTC 2006, Alec Berryman wrote:
> Lionel Elie Mamane on 2006-09-12 10:18:32 +0200:
>
>> The following security problems will be fixed by the upload of Mailman
>> 2.1.9, if and when we upload it:
>>
>> - A malicious user could visit a specially crafted URI and inject an
>> apparent log message into Mailman's error log which might induce an
>> unsuspecting administrator to visit a phishing site. This has been
>> blocked. Thanks to Moritz Naumann for its discovery.
>
> Does this one have a CVE or an upstream identification number?

This would be
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4624

Thanks to everyone working on the Mailman package generally and on a
patch for the pre-2.1.9rc1 security issues for Etch especially.

Moritz