UbuntuUpdates.org

Package "mailman"

Name: mailman

Description: Powerful, web-based mailing list manager

Latest version: 1:2.1.14-3ubuntu0.4
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://www.list.org/

Other versions of "mailman" in Precise

Repository Area   Version
base            main   1:2.1.14-3
security        main   1:2.1.14-3ubuntu0.4

Changelog

Version: 1:2.1.14-3ubuntu0.4 2016-11-01 20:06:55 UTC

  mailman (1:2.1.14-3ubuntu0.4) precise-security; urgency=medium

  * SECURITY UPDATE: CSRF vulnerability in the admin interface
    - debian/patches/CVE-2016-7123.patch: add CSRF checks to
      Mailman/CSRFcheck.py, Mailman/Cgi/admin.py, Mailman/Defaults.py.in,
      Mailman/htmlformat.py.
    - CVE-2016-7123
  * SECURITY UPDATE: CSRF vulnerability in the user options page
    - debian/patches/CVE-2016-6893.patch: add CSRF checks to
      Mailman/Cgi/admindb.py, Mailman/Cgi/edithtml.py,
      Mailman/Cgi/options.py, Mailman/HTMLFormatter.py,
      Mailman/htmlformat.py.
    - CVE-2016-6893

 -- Marc Deslauriers <email address hidden> Fri, 28 Oct 2016 15:19:14 -0400

CVE-2016-7123 Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authent
CVE-2016-6893 Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the aut

Version: 1:2.1.14-3ubuntu0.2 2015-04-07 17:06:29 UTC

  mailman (1:2.1.14-3ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: path traversal vulnerability
    - debian/patches/CVE-2015-2775.patch: validate list name in
      Mailman/Utils.py, add comment to Mailman/Defaults.py.in.
    - CVE-2015-2775

 -- Marc Deslauriers <email address hidden> Fri, 03 Apr 2015 08:39:37 -0400

CVE-2015-2775 Path traversal vulnerability

Version: 1:2.1.14-3ubuntu0.1 2012-07-30 01:06:51 UTC

  mailman (1:2.1.14-3ubuntu0.1) precise-proposed; urgency=low

  * Ensure clean, unprompted upgrades of mailman from previous
    releases (LP: #911244):
    - d/preinst.in: Cherry picked update from most recent packaging to
      remove any unmanaged+unchanged versions of /etc/cron.d/mailman prior
      to installation of the new, managed version.

 -- James Page <email address hidden> Fri, 13 Jul 2012 08:42:33 +0100

911244 [SRU] prompt to change unmodified conf file /etc/cron.d/mailman during upgrade from oneiric to precise