current-users: Re: Mailman vulnerability

Subject: Re: Mailman vulnerability
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: D'Arcy J.M. Cain <darcy@NetBSD.org>
List: current-users
Date: 12/10/2005 09:29:06

On Sat, 10 Dec 2005 09:07:09 -0500
"Steven M. Bellovin" <smb@cs.columbia.edu> wrote:
> In message <20051210075250.5e86cec9.darcy@NetBSD.org>, "D'Arcy J.M. Cain" write
> >However, Manuel Bouyer supposedly fixed this:
> >
> >revision 1.27
> >date: 2005/12/08 21:09:04;  author: bouyer;  state: Exp;  lines: +2 -1
> >Apply patch (from debian via Kimmo Suominen) to address
> >http://secunia.com/advisories/17511/ (denial of service).
> >
> >Is there something else that needs to be fixed?
> >
> 
> I was poking around the Mailman site a few days ago, and did not see 
> any official fix for it there.  We'd have to import the Debian fix
> mentioned in the advisory.

That's my point.  It looks like we already did but it still complains.

-- 
D'Arcy J.M. Cain <darcy@NetBSD.org>
http://www.NetBSD.org/