author msapiro <> 2006-06-23 20:03:32 +0000
committer msapiro <> 2006-06-23 20:03:32 +0000
commit 4dc70bbcc0856b2a27d0d6c0a2def51433712e36 (patch)
tree c02801e8a577d58dcd2fde46f21164403d646716 /NEWS
parent b0a70c0f4069c8ee4196c42502445695a847ce9d (diff)
- Decorate.py Fixed bug 1507248 by ignoring header/footer characters
  outside the character set of the list's language.
- Utils.py Fixed a security hole which allowed a crafted URI to inject
  bogus apparent messages into the error log, possibly inducing an admin
  to visit a phishing site.
Diffstat (limited to '')
-rw-r--r-- NEWS 15
1 files changed, 15 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index e45b725a..491ff644 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,21 @@ Copyright (C) 1998-2006 by the Free Software Foundation, Inc.
Here is a history of user visible changes to Mailman.
+2.1.9 (xx-xxx-xxxx)
+
+ Security
+
+ - A malicious user could visit a specially crafted URI and inject an
+ apparent log message into Mailman's error log which might induce an
+ unsuspecting administrator to visit a phishing site. This has been
+ blocked. Thanks to Moritz Naumann for its discovery.
+
+ Bug fixes and other patches
+
+ - Fixed Decorate.py so that characters in message header/footer which
+ are not in the character set of the list's language are ignored rather
+ than causing shunted messages (1507248).
+
2.1.8 (15-Apr-2006)
Security
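Review bot: The Security entry in the new 2.1.9 block says the log injection "has been blocked" without naming the affected module or what the fix does with the offending input, while the Bug fixes entry just below it names Decorate.py. The commit message attributes the fix to Utils.py; I would name it in the entry and state how the crafted URI is now handled, so administrators can judge whether error-log lines written by earlier versions can be trusted. The diffstat also shows only NEWS changed, so the Utils.py and Decorate.py changes described in the commit message are not part of this patch and cannot be checked against the wording here.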