Ubuntu
mailman package

Change logs for mailman source package in Trusty

  1. Trusty (14.04)
  2. Change log 
  • mailman (1:2.1.16-2ubuntu0.5) trusty-security; urgency=medium

  * SECURITY UPDATE: Cross-site scripting vulnerability
    - debian/patches/CVE-2018-5950.patch: fix this in
      Mailman/Cgi/options.py.
    - CVE-2018-5950

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 07 Feb 2018 14:45:50 -0300
  • mailman (1:2.1.16-2ubuntu0.3) trusty; urgency=medium

  * Fixed a misspelling in Tagger.py that breaks Lists
    with topics enabled (LP: #1251495)

 -- Christian Ehrhardt <email address hidden>  Wed, 25 Oct 2017 16:46:47 +0200
  • mailman (1:2.1.16-2ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: CSRF vulnerability in the user options page
    - debian/patches/CVE-2016-6893.patch: add CSRF checks to
      Mailman/Cgi/admindb.py, Mailman/Cgi/edithtml.py,
      Mailman/Cgi/options.py, Mailman/HTMLFormatter.py,
      Mailman/htmlformat.py.
    - CVE-2016-6893

 -- Marc Deslauriers <email address hidden>  Thu, 06 Oct 2016 11:27:40 -0400
  • mailman (1:2.1.16-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: path traversal vulnerability
    - debian/patches/CVE-2015-2775.patch: validate list name in
      Mailman/Utils.py, add comment to Mailman/Defaults.py.in.
    - CVE-2015-2775
 -- Marc Deslauriers <email address hidden>   Fri, 03 Apr 2015 08:34:52 -0400
  • mailman (1:2.1.16-2) unstable; urgency=medium


  * Upload to unstable, as requested by Thijs; we did not encounter
    any unexpected trouble with the version in experimental, and it
    does fix an RC bug as well as a release goal.

 -- Thorsten Glaser <email address hidden>  Mon, 03 Feb 2014 14:00:37 +0100
  • mailman (1:2.1.16-1) unstable; urgency=low


  * New upstream release.

 -- Thijs Kinkhorst <email address hidden>  Wed, 06 Nov 2013 19:57:54 +0100
  • mailman (1:2.1.16~rc2-1) unstable; urgency=low


  [ Thijs Kinkhorst ]
  * New upstream release candidate.
    - Exposes message-id to templates (closes: #614340).
  * Remove obsolete patches, applied upstream:
    21_newlist_help.patch
  * Updates to Russian debconf templates, thanks Ivan Krylov!
    (closes: #710268).
  * Needs at least version 3.8.0 of logrotate (closes: #687215).
  * Add autopkgtests, thanks Yolanda Robla! (closes: #710095)
  * Packaging cleanup: checked for policy 3.9.4, update Vcs URL,
    recommend default-mta instead of exim4.

  [ Thorsten Glaser ]
  * Prevent losing stderr in the init script when there are many lists.
    (closes: #702002)
  * debian/watch: mangle the epoch away so DDPO is green again.

 -- Thijs Kinkhorst <email address hidden>  Sun, 04 Aug 2013 12:00:05 +0200