Subject: Re: Mailman vulnerability
To: D'Arcy J.M. Cain <>
From: Lubomir Sedlacik <>
List: current-users
Date: 12/10/2005 16:13:47
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Dec 10, 2005 at 09:29:06AM -0500, D'Arcy J.M. Cain wrote:
> On Sat, 10 Dec 2005 09:07:09 -0500 Steven M. Bellovin wrote:
> > I was poking around the Mailman site a few days ago, and did not see
> > any official fix for it there.  We'd have to import the Debian fix
> > mentioned in the advisory.
> That's my point.  It looks like we already did but it still complains.

how old is your pkg-vulnerabilities file?  the version number was
corrected after the fix was commited in revision 1.1245.

and why is this discussed on current-users?  please contact the pkgsrc
security team at pkgsrc-security@ when in doubt about
pkg-vulnerabilities and related issues.  thanks,


-- Lubomir Sedlacik <salo@{NetBSD,Xtrmntr,silcnet}.org>   --

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.4.2 (NetBSD)