-
mailman (1:2.1.16-2ubuntu0.5) trusty-security; urgency=medium
* SECURITY UPDATE: Cross-site scripting vulnerability
- debian/patches/CVE-2018-5950.patch: fix this in
Mailman/Cgi/options.py.
- CVE-2018-5950
-- <email address hidden> (Leonidas S. Barbosa) Wed, 07 Feb 2018 14:45:50 -0300
-
mailman (1:2.1.16-2ubuntu0.3) trusty; urgency=medium
* Fixed a misspelling in Tagger.py that breaks Lists
with topics enabled (LP: #1251495)
-- Christian Ehrhardt <email address hidden> Wed, 25 Oct 2017 16:46:47 +0200
-
mailman (1:2.1.16-2ubuntu0.2) trusty-security; urgency=medium
* SECURITY UPDATE: CSRF vulnerability in the user options page
- debian/patches/CVE-2016-6893.patch: add CSRF checks to
Mailman/Cgi/admindb.py, Mailman/Cgi/edithtml.py,
Mailman/Cgi/options.py, Mailman/HTMLFormatter.py,
Mailman/htmlformat.py.
- CVE-2016-6893
-- Marc Deslauriers <email address hidden> Thu, 06 Oct 2016 11:27:40 -0400
-
mailman (1:2.1.16-2ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: path traversal vulnerability
- debian/patches/CVE-2015-2775.patch: validate list name in
Mailman/Utils.py, add comment to Mailman/Defaults.py.in.
- CVE-2015-2775
-- Marc Deslauriers <email address hidden> Fri, 03 Apr 2015 08:34:52 -0400
-
mailman (1:2.1.16-2) unstable; urgency=medium
* Upload to unstable, as requested by Thijs; we did not encounter
any unexpected trouble with the version in experimental, and it
does fix an RC bug as well as a release goal.
-- Thorsten Glaser <email address hidden> Mon, 03 Feb 2014 14:00:37 +0100
-
mailman (1:2.1.16-1) unstable; urgency=low
* New upstream release.
-- Thijs Kinkhorst <email address hidden> Wed, 06 Nov 2013 19:57:54 +0100
-
mailman (1:2.1.16~rc2-1) unstable; urgency=low
[ Thijs Kinkhorst ]
* New upstream release candidate.
- Exposes message-id to templates (closes: #614340).
* Remove obsolete patches, applied upstream:
21_newlist_help.patch
* Updates to Russian debconf templates, thanks Ivan Krylov!
(closes: #710268).
* Needs at least version 3.8.0 of logrotate (closes: #687215).
* Add autopkgtests, thanks Yolanda Robla! (closes: #710095)
* Packaging cleanup: checked for policy 3.9.4, update Vcs URL,
recommend default-mta instead of exim4.
[ Thorsten Glaser ]
* Prevent losing stderr in the init script when there are many lists.
(closes: #702002)
* debian/watch: mangle the epoch away so DDPO is green again.
-- Thijs Kinkhorst <email address hidden> Sun, 04 Aug 2013 12:00:05 +0200