Subject: pkg/34567: [update] mail/mailman (security fixes)
To: pkg-manager@netbsd.org, gnats-admin@netbsd.org
From: Martin Wilke <miwi@FreeBSD.org>
List: pkgsrc-bugs
Date: 09/20/2006 14:00:01
>Number:         34567
>Category:       pkg
>Synopsis:       [update] mail/mailman (security fixes)
>Confidential:   no
>Severity:       critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed Sep 20 14:00:01 +0000 2006
>Originator:     Martin Wilke
>Release:        NetBSD 4.0_BETA i386
>Organization:
>Environment:


System: NetBSD 4.0_BETA (GENERIC) #0: Thu Aug 31 02:51:57 UTC 2006
	builds@b4.netbsd.org:/home/builds/ab/netbsd-4/i386/200608300000Z-obj/home/builds/ab/netbsd-4/src/sys/arch/i386/compile/GENERIC



>Description:


Update to 2.1.9

Changes:
  Security

    - A malicious user could visit a specially crafted URI and inject an
      apparent log message into Mailman's error log which might induce an
      unsuspecting administrator to visit a phishing site.  This has been
      blocked.  Thanks to Moritz Naumann for its discovery.

    - Fixed denial of service attack which can be caused by some
      standards-breaking RFC 2231 formatted headers.  CVE-2006-2941.

    - Several cross-site scripting issues have been fixed.  Thanks to Moritz
      Naumann for their discovery.  CVE-2006-3636

    - Fixed an unexploitable format string vulnerability.  Discovery and fix
      by Karl Chen.  Analysis of non-exploitability by Martin 'Joey' Schulze.
      Also thanks go to Lionel Elie Mamane.  CVE-2006-2191.

  Internationalization

    - New languages: Arabic, Vietnamese.

  Bug fixes and other patches

    - Fixed Decorate.py so that characters in message header/footer which
      are not in the character set of the list's language are ignored rather
      than causing shunted messages (1507248).

    - Switchboard.py - Closed very tiny holes at the upper ends of queue
      slices that could result in unprocessable queue entries.  Improved FIFO
      processing when two queue entries have the same timestamp.


>How-To-Repeat:





>Fix:


--- mailman.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/pcvs/pkgsrc/mail/mailman/Makefile,v
retrieving revision 1.44
diff -u -r1.44 Makefile
--- Makefile	15 Jun 2006 22:13:59 -0000	1.44
+++ Makefile	20 Sep 2006 12:52:10 -0000
@@ -1,6 +1,6 @@
 # $NetBSD: Makefile,v 1.44 2006/06/15 22:13:59 jlam Exp $
 
-DISTNAME=	mailman-2.1.8
+DISTNAME=	mailman-2.1.9
 CATEGORIES=	mail www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=mailman/}
 EXTRACT_SUFX=	.tgz
Index: PLIST
===================================================================
RCS file: /home/pcvs/pkgsrc/mail/mailman/PLIST,v
retrieving revision 1.11
diff -u -r1.11 PLIST
--- PLIST	10 May 2006 13:18:21 -0000	1.11
+++ PLIST	20 Sep 2006 13:31:11 -0000
@@ -359,6 +359,8 @@
 lib/mailman/icons/mailman.jpg
 lib/mailman/icons/mm-icon.png
 lib/mailman/mail/mailman
+lib/mailman/messages/ar/LC_MESSAGES/mailman.mo
+lib/mailman/messages/ar/LC_MESSAGES/mailman.po
 lib/mailman/messages/ca/LC_MESSAGES/mailman.mo
 lib/mailman/messages/ca/LC_MESSAGES/mailman.po
 lib/mailman/messages/cs/LC_MESSAGES/mailman.mo
@@ -431,6 +433,8 @@
 lib/mailman/messages/zh_CN/LC_MESSAGES/mailman.mo
 lib/mailman/messages/zh_TW/LC_MESSAGES/mailman.po
 lib/mailman/messages/zh_TW/LC_MESSAGES/mailman.mo
+lib/mailman/messages/vi/LC_MESSAGES/mailman.po
+lib/mailman/messages/vi/LC_MESSAGES/mailman.mo
 lib/mailman/pythonlib/email/Charset.py
 lib/mailman/pythonlib/email/Charset.pyc
 lib/mailman/pythonlib/email/Encoders.py
@@ -611,6 +615,50 @@
 lib/mailman/scripts/subscribe
 lib/mailman/scripts/unsubscribe
 lib/mailman/support/sitelist.cfg
+lib/mailman/templates/ar/admindbdetails.html
+lib/mailman/templates/ar/admindbpreamble.html
+lib/mailman/templates/ar/admindbsummary.html
+lib/mailman/templates/ar/adminsubscribeack.txt
+lib/mailman/templates/ar/adminunsubscribeack.txt
+lib/mailman/templates/ar/admlogin.html
+lib/mailman/templates/ar/approve.txt
+lib/mailman/templates/ar/archidxentry.html
+lib/mailman/templates/ar/archidxfoot.html
+lib/mailman/templates/ar/archidxhead.html
+lib/mailman/templates/ar/archlistend.html
+lib/mailman/templates/ar/archliststart.html
+lib/mailman/templates/ar/archtoc.html
+lib/mailman/templates/ar/archtocentry.html
+lib/mailman/templates/ar/archtocnombox.html
+lib/mailman/templates/ar/article.html
+lib/mailman/templates/ar/bounce.txt
+lib/mailman/templates/ar/checkdbs.txt
+lib/mailman/templates/ar/convert.txt
+lib/mailman/templates/ar/cronpass.txt
+lib/mailman/templates/ar/disabled.txt
+lib/mailman/templates/ar/emptyarchive.html
+lib/mailman/templates/ar/headfoot.html
+lib/mailman/templates/ar/help.txt
+lib/mailman/templates/ar/invite.txt
+lib/mailman/templates/ar/listinfo.html
+lib/mailman/templates/ar/masthead.txt
+lib/mailman/templates/ar/newlist.txt
+lib/mailman/templates/ar/nomoretoday.txt
+lib/mailman/templates/ar/options.html
+lib/mailman/templates/ar/postack.txt
+lib/mailman/templates/ar/postauth.txt
+lib/mailman/templates/ar/postheld.txt
+lib/mailman/templates/ar/private.html
+lib/mailman/templates/ar/probe.txt
+lib/mailman/templates/ar/refuse.txt
+lib/mailman/templates/ar/roster.html
+lib/mailman/templates/ar/subauth.txt
+lib/mailman/templates/ar/subscribe.html
+lib/mailman/templates/ar/subscribeack.txt
+lib/mailman/templates/ar/unsub.txt
+lib/mailman/templates/ar/unsubauth.txt
+lib/mailman/templates/ar/userpass.txt
+lib/mailman/templates/ar/verify.txt
 lib/mailman/templates/ca/admindbdetails.html
 lib/mailman/templates/ca/admindbpreamble.html
 lib/mailman/templates/ca/admindbsummary.html
@@ -960,6 +1008,7 @@
 lib/mailman/templates/fi/verify.txt
 lib/mailman/templates/fr/admindbdetails.html
 lib/mailman/templates/fr/admindbpreamble.html
+lib/mailman/templates/fr/archtocnombox.html
 lib/mailman/templates/fr/admindbsummary.html
 lib/mailman/templates/fr/adminsubscribeack.txt
 lib/mailman/templates/fr/adminunsubscribeack.txt
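Review bot: `lib/mailman/templates/fr/archtocnombox.html` is inserted between `admindbpreamble.html` and `admindbsummary.html`, out of alphabetical order; the `ar` and `vi` template blocks in this patch place `archtocnombox.html` after `archtocentry.html`, and the fr entry should go in the same position.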
@@ -1791,6 +1840,50 @@
 lib/mailman/templates/uk/unsubauth.txt
 lib/mailman/templates/uk/userpass.txt
 lib/mailman/templates/uk/verify.txt
+lib/mailman/templates/vi/admindbdetails.html
+lib/mailman/templates/vi/admindbpreamble.html
+lib/mailman/templates/vi/admindbsummary.html
+lib/mailman/templates/vi/adminsubscribeack.txt
+lib/mailman/templates/vi/adminunsubscribeack.txt
+lib/mailman/templates/vi/admlogin.html
+lib/mailman/templates/vi/approve.txt
+lib/mailman/templates/vi/archidxentry.html
+lib/mailman/templates/vi/archidxfoot.html
+lib/mailman/templates/vi/archidxhead.html
+lib/mailman/templates/vi/archlistend.html
+lib/mailman/templates/vi/archliststart.html
+lib/mailman/templates/vi/archtoc.html
+lib/mailman/templates/vi/archtocentry.html
+lib/mailman/templates/vi/archtocnombox.html
+lib/mailman/templates/vi/article.html
+lib/mailman/templates/vi/bounce.txt
+lib/mailman/templates/vi/checkdbs.txt
+lib/mailman/templates/vi/convert.txt
+lib/mailman/templates/vi/cronpass.txt
+lib/mailman/templates/vi/disabled.txt
+lib/mailman/templates/vi/emptyarchive.html
+lib/mailman/templates/vi/headfoot.html
+lib/mailman/templates/vi/help.txt
+lib/mailman/templates/vi/invite.txt
+lib/mailman/templates/vi/listinfo.html
+lib/mailman/templates/vi/masthead.txt
+lib/mailman/templates/vi/newlist.txt
+lib/mailman/templates/vi/nomoretoday.txt
+lib/mailman/templates/vi/options.html
+lib/mailman/templates/vi/postack.txt
+lib/mailman/templates/vi/postauth.txt
+lib/mailman/templates/vi/postheld.txt
+lib/mailman/templates/vi/private.html
+lib/mailman/templates/vi/probe.txt
+lib/mailman/templates/vi/refuse.txt
+lib/mailman/templates/vi/roster.html
+lib/mailman/templates/vi/subauth.txt
+lib/mailman/templates/vi/subscribe.html
+lib/mailman/templates/vi/subscribeack.txt
+lib/mailman/templates/vi/unsub.txt
+lib/mailman/templates/vi/unsubauth.txt
+lib/mailman/templates/vi/userpass.txt
+lib/mailman/templates/vi/verify.txt
 lib/mailman/templates/zh_CN/admindbdetails.html
 lib/mailman/templates/zh_CN/admindbpreamble.html
 lib/mailman/templates/zh_CN/admindbsummary.html
@@ -1977,6 +2070,7 @@
 @dirrm lib/mailman/tests/msgs
 @dirrm lib/mailman/tests/bounces
 @dirrm lib/mailman/tests
+@dirrm lib/mailman/templates/vi
 @dirrm lib/mailman/templates/zh_TW
 @dirrm lib/mailman/templates/zh_CN
 @dirrm lib/mailman/templates/uk
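Review bot: `@dirrm lib/mailman/templates/vi` is placed before `zh_TW`, but the `@dirrm` section is in reverse-alphabetical order (zh_TW, zh_CN, uk), so the vi line belongs between `@dirrm lib/mailman/templates/zh_CN` and `@dirrm lib/mailman/templates/uk`.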
@@ -2008,6 +2102,7 @@
 @dirrm lib/mailman/templates/da
 @dirrm lib/mailman/templates/cs
 @dirrm lib/mailman/templates/ca
+@dirrm lib/mailman/templates/ar
 @dirrm lib/mailman/templates
 @dirrm lib/mailman/support
 @dirrm lib/mailman/scripts
@@ -2025,6 +2120,8 @@
 @dirrm lib/mailman/pythonlib/japanese
 @dirrm lib/mailman/pythonlib/email
 @dirrm lib/mailman/pythonlib
+@dirrm lib/mailman/messages/vi/LC_MESSAGES
+@dirrm lib/mailman/messages/vi/
 @dirrm lib/mailman/messages/zh_TW/LC_MESSAGES
 @dirrm lib/mailman/messages/zh_TW
 @dirrm lib/mailman/messages/zh_CN/LC_MESSAGES
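Review bot: `@dirrm lib/mailman/messages/vi/` carries a trailing slash that no other `@dirrm` entry in the PLIST has; drop it so the line reads `@dirrm lib/mailman/messages/vi`. As in the templates section, the pair should also sit after the zh_CN lines rather than before zh_TW to keep the reverse-alphabetical order.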
@@ -2085,6 +2182,8 @@
 @dirrm lib/mailman/messages/cs
 @dirrm lib/mailman/messages/ca/LC_MESSAGES
 @dirrm lib/mailman/messages/ca
+@dirrm lib/mailman/messages/ar/LC_MESSAGES
+@dirrm lib/mailman/messages/ar/
 @dirrm lib/mailman/messages
 @dirrm lib/mailman/mail
 @dirrm lib/mailman/icons
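Review bot: same trailing-slash issue as the vi entry above: `@dirrm lib/mailman/messages/ar/` should be `@dirrm lib/mailman/messages/ar` for consistency with the surrounding lines. The position after `ca` is correct for the reverse-alphabetical order.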
Index: distinfo
===================================================================
RCS file: /home/pcvs/pkgsrc/mail/mailman/distinfo,v
retrieving revision 1.12
diff -u -r1.12 distinfo
--- distinfo	14 Jun 2006 14:31:35 -0000	1.12
+++ distinfo	20 Sep 2006 12:53:13 -0000
@@ -1,8 +1,8 @@
 $NetBSD: distinfo,v 1.12 2006/06/14 14:31:35 tv Exp $
 
-SHA1 (mailman-2.1.8.tgz) = 4ff71bc2a02f9ac06dada71d4c5b3208c0959aa2
-RMD160 (mailman-2.1.8.tgz) = ee697e25b3c9407fa032d482dc4b597b281367fa
-Size (mailman-2.1.8.tgz) = 6856039 bytes
+SHA1 (mailman-2.1.9.tgz) = e9f6f55e2551c3e576460749383da20599412d42
+RMD160 (mailman-2.1.9.tgz) = 135f94eeecca1f562f98dfe98c1a367bed229372
+Size (mailman-2.1.9.tgz) = 7829201 bytes
 SHA1 (patch-aa) = f0bc550b28794008ea840a88a5b0053578f3ae0f
 SHA1 (patch-ab) = 39f6294e53110bd1fd09b1e90ab46820f4d48e3f
 SHA1 (patch-ad) = 665884b9dd1789e4abd430c762bdbfd707d48d30
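Review bot: only the tarball checksums and size change; the SHA1 lines for `patch-aa`, `patch-ab` and `patch-ad` are untouched, so the pkgsrc patches were not regenerated against 2.1.9. Before committing, confirm that all three still apply cleanly to the new distribution (a fuzz-applied or rejected patch would not show up in distinfo) and that the new `SHA1`/`RMD160` values were taken from a freshly fetched mailman-2.1.9.tgz.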
--- mailman.diff ends here ---