On 03/28/2015 05:24 AM, Roland Miyamoto wrote:
> Thank you, Mark,
>
> For this announcement.
> Does the vulnerability also affect older Mailman releases, like
> 2.1.15, e.g.?

Yes, but the actual number of sites that are vulnerable is probably small. More information will be available on Tuesday, but I think only one class of sites which doesn't include you is primarily vulnerable.

> If so, how do I make sure to incorporate the fix soon after next
> Tuesday, when the world will learn about the details?
>
> I am running Mailman 2.1.15 under Debian 7.
> Will the fix be included in the usual repository updates?

The fix will be in Mailman 2.1.20 which will be available in all the usual upstream places. It will also be in the official Mailman 2.1 branch at <https://code.launchpad.net/~mailman-coders/mailman/2.1>. Its inclusion in Debian and other downstream packages is beyond my control, and I can't say when this might occur.

The actual fix, exclusive of comments, adds 3 lines of code to one place in one module. This patch will be included in the announcement I post on Tuesday, so you can just apply it and restart Mailman. It will apply with at most a line number offset and work with any Mailman version 2.1.11 or newer.

--
Mark Sapiro <[email protected]>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
