[Mailman-Users] Re: mailman 2 verion

Mon, 11 May 2026 14:22:05 -0700 

On 5/11/26 12:27, Steven Jones via Mailman-Users wrote:


We are running a RHEL8 version of mailman2.   Is there any test(s) I can run to 
find out if RH's patched version is the same secure version as the latest/ last 
mailman2 binary released?

Currently we have, mailman-2.1.30-1.module+el8.9.0+19511+cc1b14d9.x86_64



You can find the Mailman 2.1 NEWS file at 
<https://mail.python.org/archives/list/[email protected]/message/FJSOADBRSWCNFSTWTDAYP2KYU6GWXLAW/attachment/2/NEWS.txt>.



That file lists all the changes per release There are a number of 
security fixes later than 2.1.30 but I have no knowledge of whether any 
of those have been backported to RedHat's 
mailman-2.1.30-1.module+el8.9.0+19511+cc1b14d9.x86_64.



However for each change that is a security fix, there is a reference to 
an issue on Launchpad. For example in MM 2.1.31 there is


    - A content injection vulnerability via the options login page has been

      discovered and reported by Vishal Singh. This is fixed. 
CVE-2020-12108

      (LP: #1873722)


and LP: #1873722 points to the issue. If whatever you are using to view 
the file doesn't render these as links, the translate to (e.g. in this 
case) <https://bugs.launchpad.net/mailman/+bug/1873722>. If you go to 
the issue on Launchpad, it will contain a link to the patch for the issue.



It would be tedious, but you could look at all these issues and patches 
and see if the patches have been incorporated in your code.



Also, there is <https://wiki.list.org/x/17892071> if you want to upgrade 
to our latest version.


--
Mark Sapiro <[email protected]>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

------------------------------------------------------
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
   https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]






















					Reply via email to