This came from the SAN security list. Mailman needs to be upgraded to 2.1.9 as soon as the Debian package maintainer makes it available. It isn't yet available in the apt repository.
Since I'm likely to forget, before the package becomes available, I request you help me remember. :-)

06.37.17 CVE: CVE-2006-3636
Platform: Unix
Title: Mailman Multiple Input Validation Vulnerabilities
Description: Mailman is a mailing list server available for Unix-like operating systems. It is prone to multiple input validation vulnerabilities due to insufficient input sanitization. Please see the advisory for further details. Versions between 2.1.0 and 2.1.8 are reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/20021

--
Neil Schneider pacneil_at_linuxgeek_dot_net
http://www.paccomp.com
Key fingerprint = 67F0 E493 FCC0 0A8C 769B 8209 32D7 1DB1 8460 C47D

"To announce that there must be no criticism of the president, or that we are to stand by the president, right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public." [Theodore Roosevelt] 1918

--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
