[Pkg-mailman-hackers] Re: New mailman security update

Lionel Elie Mamane lionel at mamane.lu
Wed Sep 20 08:51:14 UTC 2006

On Tue, Sep 19, 2006 at 07:48:42PM +0200, Martin Schulze wrote:
> Moritz Muehlenhoff wrote:
>> On Tue, Sep 12, 2006 at 10:31:43AM +0200, Lionel Elie Mamane wrote:

>>> I prepared a security update for Mailman, available from
>>> http://people.debian.org/~lmamane/mailman/; the fixes are
>>> backported from Mailman 2.1.9rc1 :

>>> mailman (2.1.5-8sarge5) stable-security; urgency=high

>>>   * Security update: log injection

>> This one's CVE-2006-4624

> Ah, good to know.

> Lionel, mind using these packages for the update?

> http://klecker.debian.org/~joey/security/mailman/

The changes I see are:

 - reverted the configure script change that crept in.

 - filled in CVE number in changelog and in patch comments

 - change filename of the patch to CVE number

As such, they are fine and you can use them for the update.


More information about the Pkg-mailman-hackers mailing list