Re: [Mailman-Developers] Mailman Security Patch Announcement

2011-02-19 Thread Mark Sapiro
"Mathieu Bouchard" wrote: > >will there soon be an actual release of MailMan that includes the fix ? The fix has been committed to the Bazaar branch at lp:mailman/2.1 and will be in the 2.1.15 release. There is no scheduled date yet. -- Mark Sapiro - m...@msapiro.net Sent from my Android

Re: [Mailman-Developers] Mailman Security Patch Announcement

2011-02-19 Thread Mathieu Bouchard
On Fri, 18 Feb 2011, Mark Sapiro wrote: David Brown wrote: Sorry for the n00b moment, but am I correct to think that the way to apply the patch is to issue the command: patch ...when logged in with appropriate permissions and where each is replaced with the appropriate file path. [...] will

Re: [Mailman-Developers] Mailman Security Patch Announcement

2011-02-18 Thread Stephen J. Turnbull
Restricting to "developers". I wonder if hunks like > @@ -471,7 +471,7 @@ > if fullname is None: > fullname = _('Not available') > else: > -fullname = Utils.uncanonstr(fullname, lang) > +fullname = Utils.websafe(Utils.uncanonstr(fullname, lang)) > ta

Re: [Mailman-Developers] Mailman Security Patch Announcement

2011-02-18 Thread Mark Sapiro
David Brown wrote: >Sorry for the n00b moment, but am I correct to think that the way to apply >the patch is to issue the command: > >patch > >...when logged in with appropriate permissions and where each > is replaced with the appropriate file path. That will work in this case because the pat

Re: [Mailman-Developers] Mailman Security Patch Announcement

2011-02-18 Thread David Brown
: Friday, February 18, 2011 11:02 AM To: Mailman Announce; Mailman i18n; Mailman Users; Mailman Developers Subject: Re: [Mailman-Developers] Mailman Security Patch Announcement -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2/13/2011 1:58 PM, Mark Sapiro wrote: > An XXS vulnerability affecting Mail

Re: [Mailman-Developers] Mailman Security Patch Announcement

2011-02-18 Thread Mark Sapiro
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2/13/2011 1:58 PM, Mark Sapiro wrote: > An XXS vulnerability affecting Mailman 2.1.14 and prior versions has > recently been discovered. A patch has been developed to address this > issue. The patch is small, affects only one module and can be appli

[Mailman-Developers] Mailman Security Patch Announcement

2011-02-13 Thread Mark Sapiro
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 An XXS vulnerability affecting Mailman 2.1.14 and prior versions has recently been discovered. A patch has been developed to address this issue. The patch is small, affects only one module and can be applied to a live installation without requiring a r

[Mailman-Developers] Mailman security patch.

2010-09-04 Thread Mark Sapiro
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I plan to release a Mailman 2.1.14 candidate release towards the end of next week (Sept 9 or 10). This release will have enhanced XSS defenses addressing two recently discovered vulnerabilities. Since release of the code will potentially expose the vul