Comment 3 for bug 12719

In , Tollef Fog Heen (tfheen) wrote : Bug#294467: fixed in mailman 2.1.5-6

Source: mailman
Source-Version: 2.1.5-6

We believe that the bug you reported is fixed in the latest version of
mailman, which is due to be installed in the Debian FTP archive:

mailman_2.1.5-6.diff.gz
  to pool/main/m/mailman/mailman_2.1.5-6.diff.gz
mailman_2.1.5-6.dsc
  to pool/main/m/mailman/mailman_2.1.5-6.dsc
mailman_2.1.5-6_i386.deb
  to pool/main/m/mailman/mailman_2.1.5-6_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tollef Fog Heen <email address hidden> (supplier of updated mailman package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 10 Feb 2005 12:10:42 +0100
Source: mailman
Binary: mailman
Architecture: source i386
Version: 2.1.5-6
Distribution: unstable
Urgency: high
Maintainer: Tollef Fog Heen <email address hidden>
Changed-By: Tollef Fog Heen <email address hidden>
Description:
 mailman - Powerful, web-based mailing list manager
Closes: 283973 291289 293002 294467
Changes:
 mailman (2.1.5-6) unstable; urgency=high
 .
   * SECURITY UPDATE: fix information disclosure
   * Added debian/patches/04_CAN-2005-0202.dpatch:
     Mailman/Cgi/private.py, true_path(): fix the removal of '..' and '.' from
     private mail archive paths to prohibit path traversal (the former version
     transformed ".....///" to "../") (closes: #294467)
     (References: CAN-2005-0202)
   * Tighten build-deps on dpatch. (closes: #291289)
   * Update Czech debconf translation. (closes: #293002)
   * Add Dutch debconf translation. (closes: #283973)
Files:
 91fdedde9ada517bc94e52a29d8fa56a 651 mail optional mailman_2.1.5-6.dsc
 bf85a3cb885618a9964a873fb769225e 182465 mail optional mailman_2.1.5-6.diff.gz
 f30d18591db657a0c2870e54326a566c 6609034 mail optional mailman_2.1.5-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCC0YhQSseMYF6mWoRAn0FAJ91wD2djTv3KfETu6Cc3o/+WwjsKwCfX5jM
mkzVv05og/sDBHWI4mLFd50=
=+ZBW
-----END PGP SIGNATURE-----
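
The changelog entry above describes a sanitiser that turned ".....///" into "../". The following is an added illustration of that failure class next to a component-wise filter and a containment check; it is not Mailman's code and not part of the original message. The function names and the BASE directory are hypothetical, and the flawed version is assumed to delete '../' and './' as substrings, which reproduces the transformation the changelog quotes.

```python
import os.path

BASE = '/srv/lists/private'          # constructed archive root, for illustration
SAMPLE = '.....///'                  # the input quoted in the changelog


def strip_by_replace(path):
    """Flawed (assumed shape): delete '../' and then './' as plain substrings.

    Each deletion can splice the characters on either side into a new
    '../', so the result is not guaranteed to be free of traversal.
    """
    path = path.replace('../', '')
    return path.replace('./', '')


def strip_by_components(path):
    """Split on '/' and drop empty, '.' and '..' components.

    Components are only removed, never merged, so no new '..' can be
    formed. A name such as '.....' is kept as an ordinary file name.
    """
    return '/'.join(p for p in path.split('/') if p not in ('', '.', '..'))


def is_contained(base, relative):
    """True if base/relative still resolves to a location under base."""
    base = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base, relative))
    return os.path.commonpath([base, target]) == base


if __name__ == '__main__':
    request = SAMPLE + 'other/file'  # constructed request path
    for sanitise in (strip_by_replace, strip_by_components):
        cleaned = sanitise(request)
        print('%-20s %-20r contained=%s'
              % (sanitise.__name__, cleaned, is_contained(BASE, cleaned)))
```

The containment check is worth keeping even with the component filter in place, because it also catches escapes through symlinks inside the archive directory.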