diff options
author | msapiro <> | 2006-06-23 20:03:32 +0000 |
---|---|---|
committer | msapiro <> | 2006-06-23 20:03:32 +0000 |
commit | 4dc70bbcc0856b2a27d0d6c0a2def51433712e36 (patch) | |
tree | c02801e8a577d58dcd2fde46f21164403d646716 /NEWS | |
parent | b0a70c0f4069c8ee4196c42502445695a847ce9d (diff) | |
download | mailman2-4dc70bbcc0856b2a27d0d6c0a2def51433712e36.tar.gz mailman2-4dc70bbcc0856b2a27d0d6c0a2def51433712e36.tar.xz mailman2-4dc70bbcc0856b2a27d0d6c0a2def51433712e36.zip |
- Decorate.py Fixed bug 1507248 by ignoring header/footer characters
outside the character set of the list's language.
- Utils.py Fixed a security hole which allowed a crafted URI to inject
bogus apparent messages into the error log, possibly inducing an admin to
visit a phishing site.
Diffstat (limited to '')
-rw-r--r-- | NEWS | 15 |
1 files changed, 15 insertions, 0 deletions
@@ -4,6 +4,21 @@ Copyright (C) 1998-2006 by the Free Software Foundation, Inc. Here is a history of user visible changes to Mailman. +2.1.9 (xx-xxx-xxxx) + + Security + + - A malicious user could visit a specially crafted URI and inject an + apparent log message into Mailman's error log which might induce an + unsuspecting administrator to visit a phishing site. This has been + blocked. Thanks to Moritz Naumann for its discovery. + + Bug fixes and other patches + + - Fixed Decorate.py so that characters in message header/footer which + are not in the character set of the list's language are ignored rather + than causing shunted messages (1507248). + 2.1.8 (15-Apr-2006) Security |