GNU Mailman 2.1.20

Milestone information

Project:
GNU Mailman
Series:
2.1
Version:
2.1.20
Released:
2015-03-31  
Registrant:
Mark Sapiro
Release registered:
2015-03-28
Active:
Yes. Drivers can target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
5 Mark Sapiro
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
5 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon mailman-2.1.20.tgz (md5, sig) mailman-2.1.20 7,218
last downloaded 10 days ago
Total downloads: 7,218

Release notes 

2.1.20 (31-Mar-2015)

  Security

    - A path traversal vulnerability has been discovered and fixed. This
      vulnerability is only exploitable by a local user on a Mailman server
      where the suggested Exim transport, the Postfix postfix_to_mailman.py
      transport or some other programmatic MTA delivery not using aliases
      is employed. CVE-2015-2775 (LP: #1437145)

  New Features

    - There is a new Address Change sub-section in the web admin Membership
      Management section to allow a list admin to change a list member's
      address in one step rather than adding the new address, copying settings
      and deleting the old address. (LP: #266809)

  i18n

    - The Russian translation has been updated by Danil Smirnov.

    - The Polish translation has been updated by Stefan Plewako.

  Bug fixes and other patches

    - A LookupError in SpamDetect on a message with RFC 2047 encoded headers
      in an unknown character set is fixed. (LP: #1427389)

    - Fixed a bug in CommandRunner that could process the second word of a
      body line as a command word and a case sensitivity in commands in
      Subject: with an Re: prefix. (LP: #1426829)

    - Fixed a bug in CommandRunner that threw an uncaught KeyError if
      the input to the list-request address contained a command word
      terminated by a period. (LP: #1426825)

Changelog 

This release does not have a changelog.

0 blueprints and 5 bugs targeted

Bug report Importance Assignee Status
266809 #266809 Feature Request: Admin change subscriber's e-mail 4 Medium Mark Sapiro  10 Fix Released
1427389 #1427389 SpamDetect throws LookupError if a message has an RFC 2047 encoded header with an unknown encoding. 4 Medium Mark Sapiro  10 Fix Released
1437145 #1437145 Path traversal vulnerability exists in Mailman and can be exploited if Mailman's MTA is Exim. 4 Medium Mark Sapiro  10 Fix Released
1426825 #1426825 CommandRunner throws KeyError 5 Low Mark Sapiro  10 Fix Released
1426829 #1426829 CommandRunner can look too far for command words and 'Subject: Re: Command is case sensitive. 5 Low Mark Sapiro  10 Fix Released
This milestone contains Public information
Everyone can see this information.