Hello. I'm the mailman maintainer for mandriva Linux. I'm currently upgrading 2.1.8 to 2.1.9rc1, due to the recent security fixes therein.
I'd like to use this occasion to drop a maximum of patches we still have: - is 2.1.9 still vulnearble to CVE-2005-3573 ? I didn't found any reference to it in the release notes, and the patch [1] still apply - the default build procedure is not suited to package building: it check target directory directly (which doesn't exist), and leave reference to package build root in python bytecode files. The patches [2] and [3] fixes those issues, maybe they could get integrated. - we have a patch for the embeded email module that just fix an encoding name [4]. I didn't found reference to a website or a standalone distribution of this module elsewhere. Could you please transmit the patch to its authors ? [1] CVE-2005-3573 fix: http://cvs.mandriva.com/cgi-bin/viewvc.cgi/SPECS/mailman/mailman-2.1.6-CVE-2005-3573.patch?view=log [2] buildroot references in bytecode fix: http://cvs.mandriva.com/cgi-bin/viewvc.cgi/SPECS/mailman/mailman-2.1.6-CVE-2005-3573.patch?view=log [3] buildroot check fix: http://cvs.mandriva.com/cgi-bin/viewvc.cgi/SPECS/mailman/mailman-buildroot-check.patch?view=log _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
