-
mailman (1:2.1.15-1+deb7u1) wheezy-security; urgency=high
* Fix security issue: path traversal through local_part.
Affects installations which use an Exim or Postfix transport
instead of fixed aliases; attacker needs to be able to place
files on the local filesystem.
(CVE-2015-2775, Closes: 781626)
-- Thijs Kinkhorst <email address hidden> Mon, 06 Apr 2015 18:17:34 +0200
-
mailman (1:2.1.15-1) unstable; urgency=low
* New upstream release.
* Improve Exim4 instructions, thanks Andrew Hodgson.
* Remove obsolete PRIVATE_ARCHIVE_URL variable, thanks Matthew Hall
(closes: #676481).
* Correct mmarch man page, thanks Francesco Potortì (closes: #583369).
* Specify need for MTA=None in postfix-to-mailman.py (closes: #648976).
-- Thijs Kinkhorst <email address hidden> Sat, 16 Jun 2012 12:04:40 +0200
-
mailman (1:2.1.15~rc1-1) unstable; urgency=low
[ Thijs Kinkhorst ]
* New upstream release candidate.
* Remove obsolete patches, applied upstream:
02_use_dpkg_buildflags.patch
07_snooze.patch
59_fix_missing_language_crash.patch
70_invalid_utf8_dos.patch
71_date_overflows.patch
74_admin_non-ascii_emails.patch
80_CVE-2011-0707_confirm_xss.patch
99_js_templates.patch
[ Thorsten Glaser ]
* Update the watch file for Launchpad
-- Thijs Kinkhorst <email address hidden> Sun, 20 May 2012 14:01:42 +0200
-
mailman (1:2.1.14-4) unstable; urgency=low
* Ensure CPPFLAGS and LDFLAGS are actually used during build,
thanks Simon Ruderich for the patch! (closes: #663590)
Additionally, enable all available hardening features.
* Checked for policy 3.9.3, add DEP3 patch headers.
* Add Danish debconf translation, thanks Joe Dalton (closes: #659467).
* Add 'su root list' statements to logrotate config, to cope
with logrotate >= 3.8; thanks Joël Bertrand (closes: #653766).
* Avoid config file prompt for mailman crontab entry if this
file was unmodified (closes: #655837).
-- Thijs Kinkhorst <email address hidden> Sun, 18 Mar 2012 14:12:49 +0100
-
mailman (1:2.1.14-3) unstable; urgency=low
* Make man page descruptions match more keywords (closes: #597112).
* Add cull_bad_shunt command to default cron job (closes: #615204)
and improve cron job handling in the package.
* Import dpkg buildflags, also enabling hardening features.
* Remove gate_news debconf question.
-- Thijs Kinkhorst <email address hidden> Sat, 08 Oct 2011 17:27:51 +0200
-
mailman (1:2.1.14-2) unstable; urgency=low
[ Thijs Kinkhorst ]
* Move mail-transport-agent to Recommends, since Mailman can be
configured to run with a remote MTA (closes: #616292).
* Update to policy 3.9.2, add build-{arch,indep} targets.
[ Thorsten Glaser ]
* Add myself to Uploaders, as suggested by Thijs.
* Apply patch from Barry Warsaw to switch from python-support
to dh_python2. (LP: #788514) (Closes: #637398)
-- Thijs Kinkhorst <email address hidden> Wed, 17 Aug 2011 12:00:50 +0000
-
mailman (1:2.1.14-1) unstable; urgency=medium
* New upstream release. Patches incorporated: - 15_mailmanctl_daemonize.patch - 83-CVE-2010-3089--bug599833.patch * Add upstream patch for CVE-2011-0707: XSS in confirmations. -- Thijs Kinkhorst <email address hidden> Sat, 19 Feb 2011 08:26:43 +0100
-
mailman (1:2.1.13-4.1) unstable; urgency=high
* Non-maintainer upload.
* debian/patches
- (83): New. CVE-2010-3089 security fix from mailman 2.14. Patch
thanks to <email address hidden> (grave, security; Closes: #599833).
-- Jari Aalto <email address hidden> Sat, 16 Oct 2010 08:46:55 +0300
