current-users: Re: Mailman vulnerability

Subject: Re: Mailman vulnerability
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Lubomir Sedlacik <salo@Xtrmntr.org>
List: current-users
Date: 12/10/2005 16:36:39

--JI+G0+mN8WmwPnOn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Dec 10, 2005 at 10:29:33AM -0500, Steven M. Bellovin wrote:
> In message <20051210151347.GG12942@Xtrmntr.org>, Lubomir Sedlacik
> writes:
> > how old is your pkg-vulnerabilities file?  the version number was
> > corrected after the fix was commited in revision 1.1245.
>=20
> I still see the problem with 1.1252.
>=20
> > and why is this discussed on current-users?  please contact the
> > pkgsrc security team at pkgsrc-security@ when in doubt about
> > pkg-vulnerabilities and related issues.  thanks,
>=20
> Added to my cc list; current-users kept because that's where the issue
> was raised.
>=20
> mailman<2.6.1nb1        1542,denial-of-service          http://secunia.co=
m/advisories/17511/
          ^^^^^
> [...]
> =3D=3D=3D> Checking for vulnerabilities in mailman-2.1.6nb1
                                               ^^^^^

ok, i see it now.  manuel mistyped 2.1.6 as 2.6.1.  fixed now, make sure
you have revision 1.1253.

regards,

--=20
-- Lubomir Sedlacik <salo@{NetBSD,Xtrmntr,silcnet}.org>   --

--JI+G0+mN8WmwPnOn
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (NetBSD)

iD8DBQFDmvYHiwjDDlS8cmMRAseJAKCWFZhIuunaWV+YjlsztxBtLlzGgwCfUS9b
3JnBeOPcXOqHwwFHp0o1KVg=
=DmIq
-----END PGP SIGNATURE-----

--JI+G0+mN8WmwPnOn--