REGRESSION: mailman broken after security upgrade on gutsy

Sorry, this wasn't a dupe, looked to quickly on the backtraces.
Happens on Feisty too.

Happening to me too. It was also impossible to stop after that. I have to download the older .deb package and use dpkg -i (for some reason it stops the process) and recreate every lists.

I forget to mention. It happens on Gutsy after apt-get upgrade

Can't edit previous posting and to mention it's amd64 platform

the problem is in 100_CVE-2008-0564.patch

Also seen here (gutsy, i386). Very serious, as it causes the daemon to fail, rendering lists inoperable.

The bug is obvious in the code (line 437 in /var/lib/mailman/Mailman/Gui/General.py):

            mlist.subject_prefix = Utils.canonstr(
        elif property == 'info':

Assigning to emgent, who uploaded the security update.

fixed patch, cannot guarantee correctness, but it at least runs.

updated package.

NO WARRANTY , NO GUARANTEE OF ANY KIND!

Thanks for notice, i'm working to it.
Sim IJskes please attach your cleaned diff, I will consider this.

Thanks for all

diff -r mailman-2.1.9/debian/patches/100_CVE-2008-0564.patch mailman-2.1.9-sgy/debian/patches/100_CVE-2008-0564.patch
59,60c59
< @@ -435,19 +435,21 @@
< elif property == 'subject_prefix':
---
> @@ -436,18 +436,21 @@
63c62
< - val, mlist.preferred_language)
---
> val, mlist.preferred_language)

The problem is in the incorrect 100_CVE-2008-0564.patch in the debian/patches directory.

It removes the line 'val, mlist.preferred_language)' from the file 'MailMan/Gui/General.py'.

My guess is, the patch was generated from a damaged General.py

--- mailman-2.1.9.orig/Mailman/Gui/General.py 2008-03-07 05:33:39.000000000 +0100
+++ mailman-2.1.9/Mailman/Gui/General.py 2008-03-07 05:35:05.000000000 +0100

By the way, 5:33 is for sleeping. LOL!

Gr. Sim

I've called James to ask for the broken update to be disabled temporarily, and raised a member of the security team to deal with a fix.

I'm using the debian etch package, which seems to work fine under Gutsy. See packages.debian.org.

It's possible use my PPA for temporarily fix the problem.
https://edge.launchpad.net/~emgent/+archive

pitti working to upload my fix in security repository.

Thanks to all.

Gutsy fix verified and uploaded.

Hardy is not affected according to Emanuele.

Tested and uploaded Feisty fix.

I'm going to publish the security update now.

This bug was fixed in the package mailman - 1:2.1.9-8ubuntu0.2

---------------
mailman (1:2.1.9-8ubuntu0.2) gutsy-security; urgency=low

  * debian/patches/100_CVE-2008-0564.dpatch: Readd erroneously removed code
    line which caused the code to become invalid and the package to not be
    installable. (LP: #202332)

 -- Emanuele Gentili <email address hidden> Sat, 15 Mar 2008 14:40:18 +0100

This bug was fixed in the package mailman - 1:2.1.9-4ubuntu1.2

---------------
mailman (1:2.1.9-4ubuntu1.2) feisty-security; urgency=low

  * debian/patches/100_CVE-2008-0564.dpatch: Readd erroneously removed code
    line which caused the code to become invalid and the package to not be
    installable. (LP: #202332)

 -- Emanuele Gentili <email address hidden> Sat, 15 Mar 2008 15:04:04 +0100