GNU Mailman

GNU Mailman 2.1.33

  1. Series 2.1
  2. 2.1.33

Milestone information

Project:
GNU Mailman
Series:
2.1
Version:
2.1.33
Released:
 
Registrant:
Mark Sapiro
Release registered:
Active:
Yes. Drivers can target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
1 Mark Sapiro
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
1 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon mailman-2.1.33.tgz (md5, sig) Mailman 2.1.33 725
last downloaded 2 weeks ago
Total downloads: 725

Release notes 

2.1.33 (07-May-2020)

  Security

    - A content injection vulnerability via the private login page has been
      fixed. (LP: #1877379)

Changelog 

View the full changelog

2.1.33 (07-May-2020)

  Security

    - A content injection vulnerability via the private login page has been
      fixed. (LP: #1877379)

2.1.32 (05-May-2020)

  i18n

    Fixed a typo in the Spanish translation and uptated mailman.pot and
    the message catalog for 2.1.31 security fix.

2.1.31 (05-May-2020)

  Security

    - A content injection vulnerability via the options login page has been
      discovered and reported by Vishal Singh. This is fixed. (LP: #1873722)

  i18n

    - The Spanish translation has been updated by Omar Walid Llorente.

  Bug Fixes and other patches

    - Bounce recognition for a non-compliant Yahoo format is added.

    - Archiving workaround for non-ascii in string.lowercase in some Python
      packages is added.

0 blueprints and 1 bug targeted

Bug report Importance Assignee Status
1877379 #1877379 Arbitrary Content Injection via the private archive login page. 5 Low Mark Sapiro  10 Fix Released
This milestone contains Public information
Everyone can see this information.