Ubuntu

Change log for “mailman” package in Ubuntu

170 of 70 results
Published in trusty-release on 2014-04-13
Deleted in trusty-proposed (Reason: moved to release)
mailman (1:2.1.16-2) unstable; urgency=medium


  * Upload to unstable, as requested by Thijs; we did not encounter
    any unexpected trouble with the version in experimental, and it
    does fix an RC bug as well as a release goal.

 -- Thorsten Glaser <email address hidden>  Mon, 03 Feb 2014 14:00:37 +0100

Available diffs

Superseded in trusty-release on 2014-04-13
Deleted in trusty-proposed on 2014-04-14 (Reason: moved to release)
mailman (1:2.1.16-1) unstable; urgency=low


  * New upstream release.

 -- Thijs Kinkhorst <email address hidden>  Wed, 06 Nov 2013 19:57:54 +0100

Available diffs

Superseded in trusty-release on 2013-12-21
Published in saucy-release on 2013-08-21
Deleted in saucy-proposed (Reason: moved to release)
mailman (1:2.1.16~rc2-1) unstable; urgency=low


  [ Thijs Kinkhorst ]
  * New upstream release candidate.
    - Exposes message-id to templates (closes: #614340).
  * Remove obsolete patches, applied upstream:
    21_newlist_help.patch
  * Updates to Russian debconf templates, thanks Ivan Krylov!
    (closes: #710268).
  * Needs at least version 3.8.0 of logrotate (closes: #687215).
  * Add autopkgtests, thanks Yolanda Robla! (closes: #710095)
  * Packaging cleanup: checked for policy 3.9.4, update Vcs URL,
    recommend default-mta instead of exim4.

  [ Thorsten Glaser ]
  * Prevent losing stderr in the init script when there are many lists.
    (closes: #702002)
  * debian/watch: mangle the epoch away so DDPO is green again.

 -- Thijs Kinkhorst <email address hidden>  Sun, 04 Aug 2013 12:00:05 +0200
Superseded in saucy-release on 2013-08-21
Deleted in saucy-proposed on 2013-08-22 (Reason: moved to release)
mailman (1:2.1.15-1ubuntu2) saucy; urgency=low

  * debian/tests: Add autopkgtest.
 -- Yolanda <email address hidden>   Thu, 23 May 2013 12:48:32 +0200
Superseded in saucy-release on 2013-05-27
Published in raring-release on 2013-01-17
Deleted in raring-proposed (Reason: moved to release)
mailman (1:2.1.15-1ubuntu1) raring; urgency=low

  * Fix FTBFS: correct expected Python.h location in configure script
    (LP: #1098162).
    - d/control: add build dependency on dh-autoreconf
    - d/rules: use dh_autoreconf and dh_autoreconf_clean
    - d/patches/80_python_h_location.patch: patch configure.in
 -- Robie Basak <email address hidden>   Thu, 10 Jan 2013 12:10:20 +0000
Published in precise-updates on 2012-07-30
Deleted in precise-proposed (Reason: moved to -updates)
mailman (1:2.1.14-3ubuntu0.1) precise-proposed; urgency=low

  * Ensure clean, unprompted upgrades of mailman from previous
    releases (LP: #911244):
    - d/preinst.in: Cherry picked update from most recent packaging to
      remove any unmanaged+unchanged versions of /etc/cron.d/mailman prior
      to installation of the new, managed version.
 -- James Page <email address hidden>   Fri, 13 Jul 2012 08:42:33 +0100
Superseded in raring-release on 2013-01-17
Published in quantal-release on 2012-06-18
mailman (1:2.1.15-1) unstable; urgency=low


  * New upstream release.
  * Improve Exim4 instructions, thanks Andrew Hodgson.
  * Remove obsolete PRIVATE_ARCHIVE_URL variable, thanks Matthew Hall
    (closes: #676481).
  * Correct mmarch man page, thanks Francesco Potortì (closes: #583369).
  * Specify need for MTA=None in postfix-to-mailman.py (closes: #648976).

 -- Thijs Kinkhorst <email address hidden>  Sat, 16 Jun 2012 12:04:40 +0200

Available diffs

Superseded in quantal-release on 2012-06-18
mailman (1:2.1.15~rc1-1) unstable; urgency=low


  [ Thijs Kinkhorst ]
  * New upstream release candidate.
  * Remove obsolete patches, applied upstream:
    02_use_dpkg_buildflags.patch
    07_snooze.patch
    59_fix_missing_language_crash.patch
    70_invalid_utf8_dos.patch
    71_date_overflows.patch
    74_admin_non-ascii_emails.patch
    80_CVE-2011-0707_confirm_xss.patch
    99_js_templates.patch

  [ Thorsten Glaser ]
  * Update the watch file for Launchpad

 -- Thijs Kinkhorst <email address hidden>  Sun, 20 May 2012 14:01:42 +0200

Available diffs

Superseded in quantal-release on 2012-05-24
mailman (1:2.1.14-4) unstable; urgency=low


  * Ensure CPPFLAGS and LDFLAGS are actually used during build,
    thanks Simon Ruderich for the patch! (closes: #663590)
    Additionally, enable all available hardening features.
  * Checked for policy 3.9.3, add DEP3 patch headers.
  * Add Danish debconf translation, thanks Joe Dalton (closes: #659467).
  * Add 'su root list' statements to logrotate config, to cope
    with logrotate >= 3.8; thanks Joël Bertrand (closes: #653766).
  * Avoid config file prompt for mailman crontab entry if this
    file was unmodified (closes: #655837).

 -- Thijs Kinkhorst <email address hidden>  Sun, 18 Mar 2012 14:12:49 +0100
Superseded in quantal-release on 2012-05-01
Published in precise-release on 2011-10-19
mailman (1:2.1.14-3) unstable; urgency=low

  * Make man page descruptions match more keywords (closes: #597112).
  * Add cull_bad_shunt command to default cron job (closes: #615204)
    and improve cron job handling in the package.
  * Import dpkg buildflags, also enabling hardening features.
  * Remove gate_news debconf question.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  19 Oct 2011 09:20:03 +0000
Superseded in precise-release on 2011-10-19
mailman (1:2.1.14-2) unstable; urgency=low


  [ Thijs Kinkhorst ]
  * Move mail-transport-agent to Recommends, since Mailman can be
    configured to run with a remote MTA (closes: #616292).
  * Update to policy 3.9.2, add build-{arch,indep} targets.

  [ Thorsten Glaser ]
  * Add myself to Uploaders, as suggested by Thijs.
  * Apply patch from Barry Warsaw to switch from python-support
    to dh_python2. (LP: #788514) (Closes: #637398)

 -- Thijs Kinkhorst <email address hidden>  Wed, 17 Aug 2011 12:00:50 +0000

Available diffs

Superseded in precise-release on 2011-10-17
Published in oneiric-release on 2011-08-15
mailman (1:2.1.14-1ubuntu2) oneiric; urgency=low

  * Fix Python dependencies in resulting deb. (LP: #826795)
 -- Barry Warsaw <email address hidden>   Mon, 15 Aug 2011 15:03:30 -0400
Superseded in oneiric-release on 2011-08-15
mailman (1:2.1.14-1ubuntu1) oneiric; urgency=low

  * Switch to dh_python2. (LP: #788514)
 -- Barry Warsaw <email address hidden>   Wed, 10 Aug 2011 18:58:09 -0400

Available diffs

Superseded in oneiric-release on 2011-08-10
Obsolete in natty-release on 2013-06-04
mailman (1:2.1.14-1) unstable; urgency=medium

  * New upstream release. Patches incorporated:
    - 15_mailmanctl_daemonize.patch
    - 83-CVE-2010-3089--bug599833.patch
  * Add upstream patch for CVE-2011-0707: XSS in confirmations.
 -- Dave Walker <email address hidden>   Tue,  22 Feb 2011 12:36:51 +0000

Available diffs

Obsolete in dapper-updates on 2011-09-06
Obsolete in dapper-security on 2011-09-06
mailman (2.1.5-9ubuntu4.4) dapper-security; urgency=low

  * SECURITY UPDATE: Cross-Site Scripting vulnerability in confirm.py
    - debian/patches/101_CVE-2011-0707.dpatch: properly clean strings in
      Mailman/Cgi/confirm.py.
    - CVE-2011-0707
  * SECURITY UPDATE: Cross-Site Scripting vulnerabilities in list
    information and description fields
    - debian/patches/102_CVE-2010-3089.dpatch: properly clean strings in
      Mailman/Cgi/{listinfo,HTMLFormatter,Utils}.py.
    - CVE-2010-3089
 -- Marc Deslauriers <email address hidden>   Thu, 17 Feb 2011 10:14:56 -0500
Published in hardy-updates on 2011-02-22
Published in hardy-security on 2011-02-22
mailman (1:2.1.9-9ubuntu1.4) hardy-security; urgency=low

  * SECURITY UPDATE: Cross-Site Scripting vulnerability in confirm.py
    - debian/patches/101_CVE-2011-0707.patch: properly clean strings in
      Mailman/Cgi/confirm.py.
    - CVE-2011-0707
  * SECURITY UPDATE: Cross-Site Scripting vulnerabilities in list
    information and description fields
    - debian/patches/102_CVE-2010-3089.patch: properly clean strings in
      Mailman/Cgi/{listinfo,HTMLFormatter,Utils}.py.
    - CVE-2010-3089
 -- Marc Deslauriers <email address hidden>   Thu, 17 Feb 2011 10:10:41 -0500
Obsolete in karmic-updates on 2013-03-04
Obsolete in karmic-security on 2013-03-04
mailman (1:2.1.12-2ubuntu0.2) karmic-security; urgency=low

  * SECURITY UPDATE: Cross-Site Scripting vulnerability in confirm.py
    - debian/patches/80_CVE-2011-0707.patch: properly clean strings in
      Mailman/Cgi/confirm.py.
    - CVE-2011-0707
  * SECURITY UPDATE: Cross-Site Scripting vulnerabilities in list
    information and description fields
    - debian/patches/81_CVE-2010-3089.patch: properly clean strings in
      Mailman/Cgi/{listinfo,HTMLFormatter,Utils}.py.
    - CVE-2010-3089
 -- Marc Deslauriers <email address hidden>   Thu, 17 Feb 2011 10:05:20 -0500
Published in lucid-updates on 2011-02-22
Published in lucid-security on 2011-02-22
mailman (1:2.1.13-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: Cross-Site Scripting vulnerability in confirm.py
    - debian/patches/80_CVE-2011-0707.patch: properly clean strings in
      Mailman/Cgi/confirm.py.
    - CVE-2011-0707
  * SECURITY UPDATE: Cross-Site Scripting vulnerabilities in list
    information and description fields
    - debian/patches/81_CVE-2010-3089.patch: properly clean strings in
      Mailman/Cgi/{listinfo,HTMLFormatter,Utils}.py.
    - CVE-2010-3089
 -- Marc Deslauriers <email address hidden>   Thu, 17 Feb 2011 10:02:48 -0500
Obsolete in maverick-updates on 2013-03-05
Obsolete in maverick-security on 2013-03-05
mailman (1:2.1.13-4ubuntu0.2) maverick-security; urgency=low

  * SECURITY UPDATE: Cross-Site Scripting vulnerability in confirm.py
    - debian/patches/80_CVE-2011-0707.patch: properly clean strings in
      Mailman/Cgi/confirm.py.
    - CVE-2011-0707
  * SECURITY UPDATE: Cross-Site Scripting vulnerabilities in list
    information and description fields
    - debian/patches/81_CVE-2010-3089.patch: properly clean strings in
      Mailman/Cgi/{listinfo,HTMLFormatter,Utils}.py.
    - CVE-2010-3089
 -- Marc Deslauriers <email address hidden>   Thu, 17 Feb 2011 09:49:04 -0500
Superseded in hardy-updates on 2011-02-22
Deleted in hardy-proposed on 2011-02-23 (Reason: moved to -updates)
mailman (1:2.1.9-9ubuntu1.2) hardy-proposed; urgency=low

  * debian/mailman.logrotate: quiet down logrotate for mailman log
    files (LP: #244233)
 -- Imre Gergely <email address hidden>   Tue, 07 Dec 2010 23:44:02 +0200
Superseded in hardy-updates on 2011-01-04
Deleted in hardy-proposed on 2011-01-05 (Reason: moved to -updates)
mailman (1:2.1.9-9ubuntu1.1) hardy-proposed; urgency=low

  * Patched bundled python-2.5.8 email package to correctly parse
    email addresses (LP: #659975)
 -- James Page <email address hidden>   Thu, 14 Oct 2010 15:43:11 +0100
Superseded in natty-release on 2011-02-22
mailman (1:2.1.13-4.1) unstable; urgency=high

  * Non-maintainer upload.
  * debian/patches
    - (83): New. CVE-2010-3089 security fix from mailman 2.14. Patch
      thanks to <email address hidden> (grave, security; Closes: #599833).
 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  22 Oct 2010 15:50:25 +0000

Available diffs

Superseded in natty-release on 2010-10-22
Obsolete in maverick-release on 2013-03-05
mailman (1:2.1.13-4) unstable; urgency=medium

  * Fix permissions on /var/lib/mailman/archives/private, so
    archiving works again. Problem introduced in 1:2.1.12-3.
  * Fix invocation of update-rc.d which yields an error when
    not using dependency-based boot (closes: #590249).
  * Checked for policy 3.9.1, no changes needed.

Available diffs

Superseded in maverick-release on 2010-07-31
mailman (1:2.1.13-2) unstable; urgency=low

  * postfix-to-mailman.py: check for list existence before stripping off
    administrative suffixes, making it also work for mailing list names
    ending in e.g. -admin. Thanks Axel Beckert for the patch!
    (Closes: #570548)
  * Checked for policy 3.8.4, no changes.
  * Minor fixes pointed out by Lintian.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Sun,  09 May 2010 13:57:05 +0100

Available diffs

Superseded in maverick-release on 2010-05-09
Published in lucid-release on 2010-01-18
mailman (1:2.1.13-1) unstable; urgency=low

  * New upstream release. Patches incorporated:
    - 16_update_debian (partially)
    - 30_pipermail_threads
    - 65_handle_templates_directories
    - 77_header_folding_in_attachments
  * Remove msgfmt.py, only used at build-time (closes: #555416).
  * Remove adduser calls for 'list' user. Base-passwd guarantees it
    to be available, and trying to add it if it were not present may
    lead to inconsistencies regarding expectations for that user.
  * Document second parameter of postfix-to-mailman.py to be
    ${mailbox}, effectively reverting inappropriate fix for #305762
    (closes: #549224).
 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  18 Jan 2010 07:31:53 +0000

Available diffs

Superseded in lucid-release on 2010-01-18
mailman (1:2.1.12-3) unstable; urgency=low

  * Remove potentially long running 'find' command in postinst, as
    permissions are already set correctly in the deb. Thanks Paul
    Slootman (closes: #544046).
  * Add Slovak debconf translation, thanks Ivan Masár (closes: #531576).
  * Update 30_pipermail_threads patch to use sequence ID instead of
    message ID, avoids thread breakage in archives. Thanks
    Mark Sapiro.
  * Checked for policy 3.8.3, no changes necessary.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  05 Nov 2009 10:39:31 +0000

Available diffs

Superseded in lucid-release on 2009-11-05
Obsolete in karmic-release on 2013-03-04
mailman (1:2.1.12-2) unstable; urgency=low

  [ Lionel Elie Mamane ]
  * README.Exim4.Debian: add debug_print statements
  * apply fix from upstream to 77_header_folding_in_attachments
    to fix bug it introduces: messages with lines starting with
    "From" are split into several messages in the archive.
  * Use autoconf >= 2.50, not 2.13
  * Ensure Mailman locks directory exists before calling update
    (Closes: #513988).

  [ Thijs Kinkhorst ]
  * Apply patch from Tanguy Ortolo updating postfix-to-mailman
    instructions to avoid backscatter mail (Closes: #520040).
  * Remove obsolete unicodify_archives for upgrading sarge->etch.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  01 Jun 2009 10:44:21 +0100

Available diffs

Superseded in karmic-release on 2009-06-01
Obsolete in jaunty-release on 2013-02-28
mailman (1:2.1.12-1) unstable; urgency=low

  * New upstream release.
    + Minimum Python version is now 2.4.
    + Patches obsoleted (incorporated or not useful anymore):
      00_stolen_from_HEAD,
      11_handle_propfind.patch,
      32_MIME_fixup,
      62_new_list_bad_pending_requests,
      67_update_handle_old_versions,
      68_update_catalan,
      78_DeprecationWarning,
      80_fix_string_search.
      Refresh all others. Many thanks to Mark Sapiro and
      Paul Wise for the help in cleaning this up.
    + Fixes bounce handling NotAMemberError (closes: #517997).
  * Various packaging cleanups, upgrade debhelper to level 7.
  * Removes embedded copy of pythonlib/email module.
  * Checked for policy 3.8.1, remove shipped var/{run,lock}
    dirs, they are already created correctly by the init script.

 -- Chuck Short <email address hidden>   Fri,  03 Apr 2009 20:45:19 +0100

Available diffs

Superseded in jaunty-release on 2009-04-03
mailman (1:2.1.11-11ubuntu1) jaunty; urgency=low

  * debian/patches/100_fix-email_python2.6.patch: Python 2.6 transition. (LP: #343046)
  * Update debian/control as per spec.

 -- Chuck Short <email address hidden>   Fri, 27 Mar 2009 13:29:28 -0400
Superseded in jaunty-release on 2009-03-27
mailman (1:2.1.11-11) unstable; urgency=high

  [ Debconf Translations ]
  * Updated Vietnamese, thanks Clytie Siddall (closes: #513097).

Available diffs

Superseded in jaunty-release on 2009-02-09
mailman (1:2.1.11-7) unstable; urgency=low

  [ Thijs Kinkhorst ]
  * Clarify POSTFIX_STYLE_VIRTUAL_DOMAINS syntax, thanks Tomas Pospisek
    (closes: #507519).

  [ Lionel Elie Mamane ]
  * README.Exim4.Debian: Do lookup whole email (with domain, not only
    localpart) in virtual_mailman data file
    (bug introduced in 1:2.1.11-4)
  * README.Exim4.Debian: explain how to regenerate the aliases list
    manually (for people switching their existing configuration to the
    recommended one, or switching MTAs, as opposed to setting up a fresh
    system).

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  15 Dec 2008 10:20:49 +0000

Available diffs

Superseded in jaunty-release on 2008-12-15
mailman (1:2.1.11-6) unstable; urgency=high

  * Further site list detection improvements, thanks Adeodato Simó
    for his suggestions.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  17 Nov 2008 09:41:37 +0000

Available diffs

Superseded in jaunty-release on 2008-11-17
mailman (1:2.1.11-5) unstable; urgency=high

  * Make init script also cope with non-specified site list.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  10 Nov 2008 11:57:55 +0000

Available diffs

Superseded in jaunty-release on 2008-11-10
mailman (1:2.1.11-4) unstable; urgency=medium

  [ Lionel Elie Mamane ]
  * Add -loop to list of accepted suffixes for routers in
    README.Exim4.Debian

  [ Thijs Kinkhorst ]
  * Add mischief to logrotate configuration (closes: #504700).
  * Update Mailman group and aliases path in README.Exim4.Debian,
    thanks Kris Popendorf (closes: #504695).
  * Detect a nonstandard site list name, thanks Moritz Naumann
    (closes: #418062).

 -- Ubuntu Archive Auto-Sync <email address hidden>   Sat,  08 Nov 2008 00:04:51 +0000

Available diffs

Superseded in jaunty-release on 2008-11-08
mailman (1:2.1.11-3) unstable; urgency=low

  * Updated Catalan debconf translation, thanks David Planella Molas
    (Closes: #494110).
  * Added patch 68_update_catalan to update Catalan program translation,
    thanks Jordi Mallach (Closes: #492297).
  * Add a README.source file referring to quilt.

Available diffs

Superseded in jaunty-release on 2008-11-05
Obsolete in intrepid-release on 2013-02-20
mailman (1:2.1.10-2) unstable; urgency=low

  * Apply upstream patch to fix regression in cmd_subscribe
    so that email subscribe to the -subscribe or -join address or the
    -request address with a bare 'subscribe' command results in the message
    being shunted.

Obsolete in gutsy-updates on 2011-09-16
Obsolete in gutsy-security on 2011-09-16
mailman (1:2.1.9-8ubuntu0.2) gutsy-security; urgency=low

  * debian/patches/100_CVE-2008-0564.dpatch: Readd erroneously removed code
    line which caused the code to become invalid and the package to not be
    installable. (LP: #202332)

 -- Emanuele Gentili <email address hidden>   Sat, 15 Mar 2008 14:40:18 +0100
Obsolete in feisty-updates on 2009-08-20
Obsolete in feisty-security on 2009-08-20
mailman (1:2.1.9-4ubuntu1.2) feisty-security; urgency=low

  * debian/patches/100_CVE-2008-0564.dpatch: Readd erroneously removed code
    line which caused the code to become invalid and the package to not be
    installable. (LP: #202332)

 -- Emanuele Gentili <email address hidden>   Sat, 15 Mar 2008 15:04:04 +0100
Deleted in gutsy-security on 2008-03-15 (Reason: broken security update)
mailman (1:2.1.9-8ubuntu0.1) gutsy-security; urgency=low

  * debian/control:
   + updated maintainer field
  * SECURITY UPDATE:
   + debian/patches/100_CVE-2008-0564.dpatch (LP: #199338)
    - Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow
      remote attackers to inject arbitrary web script or HTML via unspecified vectors related
      to (1) editing templates and (2) the list's "info attribute" in the web administrator interface.
  * References
   + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
   + http://bugs.gentoo.org/show_bug.cgi?id=208710

 -- Emanuele Gentili <email address hidden>   Fri, 07 Mar 2008 03:52:46 +0100
Deleted in feisty-security on 2008-03-15 (Reason: broken security update)
mailman (1:2.1.9-4ubuntu1.1) feisty-security; urgency=low

  * debian/control:
   + updated maintainer field
  * SECURITY UPDATE:
   + debian/patches/100_CVE-2008-0564.dpatch (LP: #199338)
    - Multiple cross-site scripting (XSS) vulnerabilities in Mailman
      before 2.1.10b1 allow remote attackers to inject arbitrary web
      script or HTML via unspecified vectors related to (1) editing
      templates and (2) the list's "info attribute" in the web
      administrator interface.
  * References
   + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
   + http://bugs.gentoo.org/show_bug.cgi?id=208710

 -- Emanuele Gentili <email address hidden>   Fri, 07 Mar 2008 05:38:51 +0100
Obsolete in edgy-updates on 2008-06-19
Obsolete in edgy-security on 2008-06-19
mailman (1:2.1.8-2ubuntu2.1) edgy-security; urgency=low

  * SECURITY UPDATE:
   + debian/patches/100_CVE-2008-0564.dpatch (LP: #199338)
    - Multiple cross-site scripting (XSS) vulnerabilities in Mailman
      before 2.1.10b1 allow remote attackers to inject arbitrary web
      script or HTML via unspecified vectors related to (1) editing
      templates and (2) the list's "info attribute" in the web
      administrator interface.
  * References
   + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
   + http://bugs.gentoo.org/show_bug.cgi?id=208710

 -- Emanuele Gentili <email address hidden>   Fri, 07 Mar 2008 05:56:34 +0100
Superseded in dapper-updates on 2011-02-22
Superseded in dapper-security on 2011-02-22
mailman (2.1.5-9ubuntu4.2) dapper-security; urgency=low

  * SECURITY UPDATE:
   + debian/patches/100_CVE-2008-0564.dpatch (LP: #199338)
    - Multiple cross-site scripting (XSS) vulnerabilities in Mailman
      before 2.1.10b1 allow remote attackers to inject arbitrary web
      script or HTML via unspecified vectors related to (1) editing
      templates and (2) the list's "info attribute" in the web
      administrator interface.
  * References
   + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
   + http://bugs.gentoo.org/show_bug.cgi?id=208710

 -- Emanuele Gentili <email address hidden>   Fri, 07 Mar 2008 06:16:54 +0100
Superseded in intrepid-release on 2008-05-09
Published in hardy-release on 2008-03-07
mailman (1:2.1.9-9ubuntu1) hardy; urgency=low

  * debian/control:
   + updated maintainer field
  * SECURITY UPDATE:
   + debian/patches/100_CVE-2008-0564.dpatch (LP: #199338)
    - Multiple cross-site scripting (XSS) vulnerabilities in Mailman
      before 2.1.10b1 allow remote attackers to inject arbitrary web
      script or HTML via unspecified vectors related to (1) editing
      templates and (2) the list's "info attribute" in the web
      administrator interface.
  * References
   + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
   + http://bugs.gentoo.org/show_bug.cgi?id=208710

 -- Emanuele Gentili <email address hidden>   Fri, 07 Mar 2008 02:55:22 +0100
Superseded in hardy-release on 2008-03-07
mailman (1:2.1.9-9) unstable; urgency=low

  * Drop suggests for obsolete python-*-codecs and drop versioned
    dependencies for pre-oldstable versions.
  * Fix formatting of man pages (Closes: #432848).
  * Fix some bashisms in Debian packaging scripts.
  * Do not make /var/log/mailman world-readable, because it can contain
    a bit of semi-private information. Thanks Alexander Gerasiov.
    (Closes: #450927)
  * After logrotate, call 'mailmanctl reopen' instead of sending SIGHUP
    since that is the supported way of rotating logs (Closes: #424620).
  * Fix pidfile location in mailman.init, thanks Peter Rabbitson
    (Closes: #439325).
  * Make symlinks to /var/lo{g,ck}/mailman absolute, because the relative
    ones cause trouble on systems where people move these things around
    (Closes: #408855, #413604). Override lintian since this is allowed by
    policy.
  * Checked for policy 3.7.3, no changes required. Additional packaging
    cleanups.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  05 Dec 2007 00:29:09 +0000
Superseded in hardy-release on 2007-12-05
Obsolete in gutsy-release on 2011-09-16
mailman (1:2.1.9-8) unstable; urgency=low

  [ Thijs Kinkhorst ]
  * Added Portuguese debconf translation by Miguel Figueiredo
    (Closes: #414365).
  * Make sure Mailman can be properly purged (Closes: #421676).
  * Remove obsolete upgrading code.
  * Do not break upgrades in case python is temporarily unavailable
    (Closes: #419563).

  [ Lionel Elie Mamane ]
  * Avoid implicit-sort-on-load of indexes being converted to Unicode
    (hopefully really closes: #412142 now)

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  12 Jun 2007 11:46:32 +0100
Superseded in gutsy-release on 2007-06-12
mailman (1:2.1.9-7) unstable; urgency=low

  * Upgrade subject and author indexes of _all_ archiving volumes to
    Unicode strings. (completely closes: #412142)

Obsolete in edgy-backports on 2008-06-19
mailman (1:2.1.9-4ubuntu1~edgy1) edgy-backports; urgency=low

  * Automated backport upload; no source changes.

Superseded in gutsy-release on 2007-04-30
Obsolete in feisty-release on 2009-08-20
mailman (1:2.1.9-4ubuntu1) feisty; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/control: exim4 -> postfix.

Superseded in feisty-release on 2006-12-19
mailman (1:2.1.9-2ubuntu1) feisty; urgency=low

  * Synchronize to Debian; remaining Ubuntu change:
    - debian/control: exim4 -> postfix.

Superseded in dapper-updates on 2008-03-26
Superseded in dapper-security on 2008-03-14
mailman (2.1.5-9ubuntu4.1) dapper-security; urgency=low

  * SECURITY UPDATE: XSS and remote DoS.
  * Add debian/patches/security-CVE-2006-3636-XSS.dpatch:
    - Fix various cross-site scripting vulnerabilities.
    - Patch backported from svn head, thanks to Barry Warsaw for preparing it.
    - CVE-2006-3636
  * Add debian/patches/security-CVE-2006-2941.dpatch:
    - Scrubber.py: Do not bail out if emails' get_filename() throws a
      ValueError. This has been properly fixed in the next upstream email
      package (in Python core), but the fix is very intrusive. Thanks to Steve
      Alexander for discovering this and for the proposed patch.
    - CVE-2006-2941
    - Closes: LP#49620
  * Add debian/patches/security-error_log.dpatch:
    - Check characters in URL to prevent injecting bogus messages into
      error_log.
    - Patch taken from upstream SVN:
      http://svn.sourceforge.net/viewvc/mailman?view=rev&revision=7918

 -- Martin Pitt <email address hidden>   Tue, 12 Sep 2006 20:30:29 +0000
Obsolete in breezy-security on 2008-03-25
mailman (2.1.5-8ubuntu2.3) breezy-security; urgency=low

  * SECURITY UPDATE: XSS and remote DoS.
  * Add debian/patches/security-CVE-2006-3636-XSS.dpatch:
    - Fix various cross-site scripting vulnerabilities.
    - Patch backported from svn head, thanks to Barry Warsaw for preparing it.
    - CVE-2006-3636
  * Add debian/patches/security-CVE-2006-2941.dpatch:
    - Scrubber.py: Do not bail out if emails' get_filename() throws a
      ValueError. This has been properly fixed in the next upstream email
      package (in Python core), but the fix is very intrusive. Thanks to Steve
      Alexander for discovering this and for the proposed patch.
    - CVE-2006-2941
    - Closes: LP#49620
  * Add debian/patches/security-error_log.dpatch:
    - Check characters in URL to prevent injecting bogus messages into
      error_log.
    - Patch taken from upstream SVN:
      http://svn.sourceforge.net/viewvc/mailman?view=rev&revision=7918

 -- Martin Pitt <email address hidden>   Tue, 12 Sep 2006 20:36:47 +0000
Obsolete in hoary-security on 2008-03-19
mailman (2.1.5-7ubuntu0.3) hoary-security; urgency=low

  * SECURITY UPDATE: XSS.
  * Add debian/patches/security-CVE-2006-3636-XSS.dpatch:
    - Fix various cross-site scripting vulnerabilities.
    - Patch backported from svn head, thanks to Barry Warsaw for preparing it.
    - CVE-2006-3636
  * Add debian/patches/security-CVE-2006-2941.dpatch:
    - Scrubber.py: Do not bail out if emails' get_filename() throws a
      ValueError. This has been properly fixed in the next upstream email
      package (in Python core), but the fix is very intrusive. Thanks to Steve
      Alexander for discovering this and for the proposed patch.
    - CVE-2006-2941
    - Closes: LP#49620
  * Add debian/patches/security-error_log.dpatch:
    - Check characters in URL to prevent injecting bogus messages into
      error_log.
    - Patch taken from upstream SVN:
      http://svn.sourceforge.net/viewvc/mailman?view=rev&revision=7918

 -- Martin Pitt <email address hidden>   Tue, 12 Sep 2006 20:46:52 +0000
Superseded in feisty-release on 2006-11-05
Obsolete in edgy-release on 2008-06-19
mailman (1:2.1.8-2ubuntu2) edgy; urgency=low

  * SECURITY UPDATE: XSS.
  * Add debian/patches/security-CVE-2006-3636-XSS.dpatch:
    - Fix various cross-site scripting vulnerabilities.
    - Patch backported from svn head, thanks to Barry Warsaw for preparing it.
    - CVE-2006-3636
  * Add debian/patches/security-CVE-2006-2941.dpatch:
    - Scrubber.py: Do not bail out if emails' get_filename() throws a
      ValueError. This has been properly fixed in the next upstream email
      package (in Python core), but the fix is very intrusive. Thanks to Steve
      Alexander for discovering this and for the proposed patch.
    - CVE-2006-2941
    - Closes: LP#49620
  * Add debian/patches/security-error_log.dpatch:
    - Check characters in URL to prevent injecting bogus messages into
      error_log.
    - Patch taken from upstream SVN:
      http://svn.sourceforge.net/viewvc/mailman?view=rev&revision=7918

 -- Martin Pitt <email address hidden>   Tue, 12 Sep 2006 21:29:14 +0200
Superseded in edgy-release on 2006-09-12
mailman (1:2.1.8-2ubuntu1) edgy; urgency=low

  * Merge new Debian revision; Debian adopted the init script and apache2
    dependency fix, only remaining diff is the exim4->postfix dependency
    change.

Superseded in edgy-release on 2006-08-15
mailman (0:2.1.8-1ubuntu1) edgy; urgency=low

  * Merge to Debian; remaining Ubuntu changes:
    - debian/mailman.init: Create /var/{run,lock}/mailman.
    - debian/control: exim4 -> postfix.
  * debian/control: Dependency fix: apache -> apache2.

Superseded in breezy-security on 2006-09-13
mailman (2.1.5-8ubuntu2.2) breezy-security; urgency=low

  * Security update: Remote DoS.
  * Add debian/patches/72_mime_None_payload.dpatch:
    - Do not crash if python's email module returns None for the payload of a
      MIME part. This can happen for message/delivery-status or parts that
      contain only two blank lines.
    - See upstream bug reports and CVS patch:
      https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1430236&group_id=103
      https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1099138&group_id=103
      http://cvs.sourceforge.net/viewcvs.py/mailman/mailman/Mailman/
      Handlers/Scrubber.py?r1=2.18.2.22&r2=2.18.2.23&diff_format=u
  * CVE-2006-0052

 -- Martin Pitt <email address hidden>   Mon,  3 Apr 2006 12:52:24 +0000
Superseded in hoary-security on 2006-09-13
mailman (2.1.5-7ubuntu0.2) hoary-security; urgency=low

  * Security update: Remote DoS.
  * Add debian/patches/72_mime_None_payload.dpatch:
    - Do not crash if python's email module returns None for the payload of a
      MIME part. This can happen for message/delivery-status or parts that
      contain only two blank lines.
    - See upstream bug reports and CVS patch:
      https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1430236&group_id=103
      https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1099138&group_id=103
      http://cvs.sourceforge.net/viewcvs.py/mailman/mailman/Mailman/
      Handlers/Scrubber.py?r1=2.18.2.22&r2=2.18.2.23&diff_format=u
  * CVE-2006-0052

 -- Martin Pitt <email address hidden>   Mon,  3 Apr 2006 13:04:10 +0000
Obsolete in warty-security on 2008-01-09
mailman (2.1.5-1ubuntu2.7) warty-security; urgency=low

  * debian/patches/72_mime_None_payload.dpatch: Fix dpatch header.

 -- Martin Pitt <email address hidden>   Mon,  3 Apr 2006 13:02:35 +0000
Superseded in warty-security on 2006-04-03
mailman (2.1.5-1ubuntu2.6) warty-security; urgency=low

  * Security update: Remote DoS.
  * Add debian/patches/72_mime_None_payload.dpatch:
    - Do not crash if python's email module returns None for the payload of a
      MIME part. This can happen for message/delivery-status or parts that
      contain only two blank lines.
    - See upstream bug reports and CVS patch:
      https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1430236&group_id=103
      https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1099138&group_id=103
      http://cvs.sourceforge.net/viewcvs.py/mailman/mailman/Mailman/
      Handlers/Scrubber.py?r1=2.18.2.22&r2=2.18.2.23&diff_format=u
  * CVE-2006-0052

 -- Martin Pitt <email address hidden>   Mon,  3 Apr 2006 12:54:22 +0000
Superseded in edgy-release on 2006-07-03
Obsolete in dapper-release on 2011-09-06
mailman (2.1.5-9ubuntu4) dapper; urgency=low

  * Security update: Remote DoS.
  * Add debian/patches/72_mime_None_payload.dpatch:
    - Do not crash if python's email module returns None for the payload of a
      MIME part. This can happen for message/delivery-status or parts that
      contain only two blank lines.
    - See upstream bug reports and CVS patch:
      https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1430236&group_id=103
      https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1099138&group_id=103
      http://cvs.sourceforge.net/viewcvs.py/mailman/mailman/Mailman/
      Handlers/Scrubber.py?r1=2.18.2.22&r2=2.18.2.23&diff_format=u
  * CVE-2006-0052

 -- Martin Pitt <email address hidden>   Mon,  3 Apr 2006 14:28:08 +0200
Superseded in dapper-release on 2006-04-03
mailman (2.1.5-9ubuntu3) dapper; urgency=low

  * Create /var/run/mailman and /var/lock/mailman if they're missing.
    Part of the New World Order with those being tmpfs-es.  Malone #33749

 -- Tollef Fog Heen <email address hidden>   Mon, 13 Mar 2006 11:07:39 +0100
Superseded in dapper-release on 2006-03-13
Superseded in dapper-release on 2006-02-03
mailman (2.1.5-9ubuntu2) dapper; urgency=low


  * SECURITY UPDATE: Remote DoS.
  * Add debian/patches/70_invalid_utf8_dos.dpatch:
    - Do not crash on attachment filenames with invalid UTF-8 encoded name.
    - Thanks to Lionel Elie Mamane <email address hidden> for preparing the
      patch.
    - CVE-2005-3573
  * Add debian/patches/71_invalid_date_dos.dpatch:
    - Do not crash on mails with specially crafted dates which generate an
      OverflowError exception.
    - CVE-2005-4153

 -- Martin Pitt <email address hidden>  Mon, 16 Jan 2006 11:00:36 +0100
Superseded in breezy-security on 2006-04-03
Superseded in breezy-security on 2006-02-03
mailman (2.1.5-8ubuntu2.1) breezy-security; urgency=low


  * SECURITY UPDATE: Remote DoS.
  * Add debian/patches/70_invalid_utf8_dos.dpatch:
    - Do not crash on attachment filenames with invalid UTF-8 encoded name.
    - Thanks to Lionel Elie Mamane <email address hidden> for preparing the
      patch.
    - CVE-2005-3573
  * Add debian/patches/71_invalid_date_dos.dpatch:
    - Do not crash on mails with specially crafted dates which generate an
      OverflowError exception.
    - CVE-2005-4153

 -- Martin Pitt <email address hidden>  Mon, 16 Jan 2006 09:40:35 +0000
Superseded in hoary-security on 2006-04-03
Superseded in hoary-security on 2006-02-03
mailman (2.1.5-7ubuntu0.1) hoary-security; urgency=low


  * SECURITY UPDATE: Remote DoS.
  * Add debian/patches/70_invalid_utf8_dos.dpatch:
    - Do not crash on attachment filenames with invalid UTF-8 encoded name.
    - Thanks to Lionel Elie Mamane <email address hidden> for preparing the
      patch.
    - CVE-2005-3573
  * Add debian/patches/71_invalid_date_dos.dpatch:
    - Do not crash on mails with specially crafted dates which generate an
      OverflowError exception.
    - CVE-2005-4153

 -- Martin Pitt <email address hidden>  Mon, 16 Jan 2006 09:46:45 +0000
Superseded in warty-security on 2006-04-03
Superseded in warty-security on 2006-02-03
Superseded in warty-security on 2006-02-03
mailman (2.1.5-1ubuntu2.5) warty-security; urgency=low


  * SECURITY UPDATE: Remote DoS.
  * Add debian/patches/70_invalid_utf8_dos.dpatch:
    - Do not crash on attachment filenames with invalid UTF-8 encoded name.
    - Thanks to Lionel Elie Mamane <email address hidden> for preparing the
      patch.
    - CVE-2005-3573
  * Add debian/patches/71_invalid_date_dos.dpatch:
    - Do not crash on mails with specially crafted dates which generate an
      OverflowError exception.
    - CVE-2005-4153

 -- Martin Pitt <email address hidden>  Mon, 16 Jan 2006 10:54:56 +0100
Superseded in dapper-release on 2006-01-31
mailman (2.1.5-9ubuntu1) dapper; urgency=low


  * Resynchronise with Debian.

 -- Tollef Fog Heen <email address hidden>  Fri,  2 Dec 2005 12:11:51 +0100
Obsolete in breezy-release on 2008-03-25
mailman (2.1.5-8ubuntu2) breezy; urgency=low


  * Fix up time.strftime call in bounce handling to conform to how time in
    python 2.4 wants it.  Ubuntu #17183

 -- Tollef Fog Heen <email address hidden>  Mon, 10 Oct 2005 10:42:34 +0200
Obsolete in hoary-release on 2008-03-19
mailman (2.1.5-7) unstable; urgency=high


  * Brown bag release -- use '/' instead of the undefined SLASH in
    Cgi/private.py.  (closes: #294874)
  * Handle the case of non-ascii chars in realname.  (closes: #293861)
  * Fix up typo in cron script (closes: #284311)
  * Use head -n 1 instead of cat for getting the mailname out of
    /etc/mailname.  (closes: #287636)

 -- Tollef Fog Heen <email address hidden>  Wed, 16 Feb 2005 20:29:00 +0100
Superseded in warty-security on 2006-01-31
mailman (2.1.5-1ubuntu2.4) warty-security; urgency=low


  * Fixed debian/patches/92_can-2005-0202.dpatch: use '/' instead of the
    undefined SLASH.

 -- Martin Pitt <email address hidden>  Thu, 17 Feb 2005 10:26:38 +0000
Obsolete in warty-release on 2008-01-09
mailman (2.1.5-1ubuntu2) warty; urgency=low


  * Don't fail on init restart, when mailscanner is not running (#2204).

 -- Matthias Klose <email address hidden>  Mon, 11 Oct 2004 02:02:43 +0200
170 of 70 results