Tokio Kikuchi wrote:
> Hi,
>
> Sorry that I was unable to respond.
>
> Barry Warsaw wrote:
>
>> On Sep 9, 2006, at 10:09 AM, Guillaume Rousse wrote:
>>
>>> I'd like to use this occasion to drop a maximum of patches we still
>>> have:
>>> - is 2.1.9 still vulnerable to CVE-2005-3573? I didn't find any
>>> reference to it in the release notes, and the patch [1] still applies
>>
>> This is the first I've seen of this CVE, but it sounds like bugs that
>> have been addressed in the email package.
>
> This is mentioned in the NEWS of version 2.1.7.
>
> - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has
>   been solved in Mailman 2.1.6, there may be more cases where
>   ToDigest.send_digests() can block regular delivery. We put the
>   send_digests() calling part in a try/except clause and leave a message
>   in the error log if something happened in send_digests(). Daily call of
>   cron/senddigests will provide more detail to the site administrator.
>
> Therefore, 2.1.9 is also not vulnerable. CVE-2005-3573 is a false
> (delayed) alert.

Thanks, I'll remove it.
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers