Format: 1.7
Date: Tue, 12 Sep 2006 21:29:14 +0200
Source: mailman
Binary: mailman
Architecture: amd64_translations amd64
Version: 1:2.1.8-2ubuntu2
Distribution: autobuild
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon <buildd@crested.buildd>
Changed-By: Martin Pitt <martin.pitt@ubuntu.com>
Description: 
 mailman    - Powerful, web-based mailing list manager
Changes: 
 mailman (1:2.1.8-2ubuntu2) edgy; urgency=low
 .
   * SECURITY UPDATE: XSS.
   * Add debian/patches/security-CVE-2006-3636-XSS.dpatch:
     - Fix various cross-site scripting vulnerabilities.
     - Patch backported from svn head, thanks to Barry Warsaw for preparing it.
     - CVE-2006-3636
   * Add debian/patches/security-CVE-2006-2941.dpatch:
     - Scrubber.py: Do not bail out if emails' get_filename() throws a
       ValueError. This has been properly fixed in the next upstream email
       package (in Python core), but the fix is very intrusive. Thanks to Steve
       Alexander for discovering this and for the proposed patch.
     - CVE-2006-2941
     - Closes: LP#49620
   * Add debian/patches/security-error_log.dpatch:
     - Check characters in URL to prevent injecting bogus messages into
       error_log.
     - Patch taken from upstream SVN:
       http://svn.sourceforge.net/viewvc/mailman?view=rev&revision=7918
Files: 
 016eac80e96e52046ddb6f3effa6d71c 8014118 mail optional mailman_2.1.8-2ubuntu2_amd64.deb
 fb339d5e70aaf0383d1ca45b1ba5add6 6340059 raw-translations - mailman_2.1.8-2ubuntu2_amd64_translations.tar.gz