Subject: CVS commit: [pkgsrc-2006Q2] pkgsrc/mail/mailman
To: None <>
From: Geert Hendrickx <>
List: pkgsrc-changes
Date: 09/11/2006 09:26:09
Module Name:	pkgsrc
Committed By:	ghen
Date:		Mon Sep 11 09:26:09 UTC 2006

Modified Files:
	pkgsrc/mail/mailman [pkgsrc-2006Q2]: Makefile PLIST distinfo

Log Message:
Pullup ticket 1819 - requested by bouyer
security update for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile				1.45
- pkgsrc/mail/mailman/PLIST				1.12
- pkgsrc/mail/mailman/distinfo				1.13

   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Sat Sep  9 23:20:11 UTC 2006

   Modified Files:
	pkgsrc/mail/mailman: Makefile PLIST distinfo

   Log Message:
   Update to 2.1.9rc1, fixes security issues.


       - A malicious user could visit a specially crafted URI and inject an
         apparent log message into Mailman's error log which might induce an
         unsuspecting administrator to visit a phishing site.  This has been
         blocked.  Thanks to Moritz Naumann for its discovery.

       - Fixed denial of service attack which can be caused by some
         standards-breaking RFC 2231 formatted headers.  CVE-2006-2941.

       - Several cross-site scripting issues have been fixed.  Thanks to Moritz
         Naumann for their discovery.  CVE-2006-3636


       - New languages: Arabic, Vietnamese.

     Bug fixes and other patches

       - Fixed so that characters in message header/footer which
         are not in the character set of the list's language are ignored rather
         than causing shunted messages (1507248).

       - - Closed very tiny holes at the upper ends of queue
         slices that could result in unprocessable queue entries.  Improved FIFO
         processing when two queue entries have the same timestamp.

To generate a diff of this commit:
cvs rdiff -r1.44 -r1.44.2.1 pkgsrc/mail/mailman/Makefile
cvs rdiff -r1.11 -r1.11.2.1 pkgsrc/mail/mailman/PLIST
cvs rdiff -r1.12 -r1.12.2.1 pkgsrc/mail/mailman/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.