On Fri, 2005-08-19 at 12:56 -0400, John Dennis wrote: > > As far as I know, Novell has backported all security fixes in 2.1.6 into > > the SLES 9 2.1.4 Mailman. Please correct me if I'm wrong (and I hope I'm > > not, because that's the Mailman we're planning on installing) > > > > I don't track Novell's patches, but these are the two CVE's you want to > make sure are fixed, look to see if the release notes include them. > > CAN-2005-0202 > CAN-2004-1177 > > Of the two of them, CAN-2005-0202 is the most important.
Yep, they are (in the mailman-2.1.4-83.13 RPM): * Thu Feb 10 2005 - [EMAIL PROTECTED] - added mailman-2.1.5-dirtraversal.patch [bug #50563, CAN-2005-0202] * Wed Jan 12 2005 - [EMAIL PROTECTED] - added mailman-weak-password.diff [bug #49468, CAN-2004-1144] - added mailman-CAN-2004-1177.patch [bug #49468, CAN-2004-1177] - added mailman-2.1.4-avoid-headerfolding-python21.diff [bug #45355] - Julian -- -- Julian C. Dunn, B.A.Sc, P.Eng. <[EMAIL PROTECTED]> -- Platform Administrator, CBC.ca Production & Operations -- Office: 2C310-Q * Tel.: (416) 205-3311 x5592 ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
