Ubuntu
mailman package

Sync mailman 1:2.1.14-1 (main) from Debian unstable (main)

Bug #722621 reported by Dave Walker
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
mailman (Ubuntu)
Fix Released
Wishlist
Unassigned

Bug Description

Please sync mailman 1:2.1.14-1 (main) from Debian unstable (main)

Changelog entries since current natty version 1:2.1.13-4.1:

mailman (1:2.1.14-1) unstable; urgency=medium

  * New upstream release. Patches incorporated:
    - 15_mailmanctl_daemonize.patch
    - 83-CVE-2010-3089--bug599833.patch
  * Add upstream patch for CVE-2011-0707: XSS in confirmations.

 -- Thijs Kinkhorst <email address hidden> Sat, 19 Feb 2011 08:26:43 +0100

Dave Walker (davewalker)
Changed in mailman (Ubuntu):
importance: Undecided → Wishlist
Revision history for this message
Benjamin Drung (bdrung) wrote : ack-sync

mailman 1:2.1.14-1 builds on amd64. Sync request ACK'd.

Changed in mailman (Ubuntu):
assignee: nobody → Benjamin Drung (bdrung)
status: New → In Progress
assignee: Benjamin Drung (bdrung) → nobody
status: In Progress → Confirmed
Revision history for this message
Bob Tanner (tanner) wrote :

As a remotely exploitable security issue I hope the Importance of this issue is greater then Wishlist!

Revision history for this message
Benjamin Drung (bdrung) wrote :

The package will be synced regardless of the Importance. Changing the Importance won't get it processed faster. Besides that, the development release (currently natty) has no security support. We have to fix security holes till the release, but not earlier.

Does this security issue affects other series too?

Revision history for this message
Dave Walker (davewalker) wrote :

@bdrung, I had already confirmed the Ubuntu security team are working on -security updates for stable releases.

Revision history for this message
Colin Watson (cjwatson) wrote :

[Updating] mailman (1:2.1.13-4.1 [Ubuntu] < 1:2.1.14-1 [Debian])
 * Trying to add mailman...
2011-02-22 12:36:47 INFO - <mailman_2.1.14.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
2011-02-22 12:36:50 INFO - <mailman_2.1.14-1.debian.tar.gz: downloading from http://ftp.debian.org/debian/>
2011-02-22 12:36:50 INFO - <mailman_2.1.14-1.dsc: downloading from http://ftp.debian.org/debian/>
I: mailman [main] -> mailman_1:2.1.13-4.1 [main].

Changed in mailman (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.