diff options
author | bwarsaw <> | 2006-08-30 14:54:22 +0000 |
---|---|---|
committer | bwarsaw <> | 2006-08-30 14:54:22 +0000 |
commit | 0cee915eeb5f8f99ed036d257b1103c28373eb5b (patch) | |
tree | 1489a315aaa485d4c1aa91762b63a232fb23149d /NEWS | |
parent | 14bb48657eae40f5ef80adeebd021d6a186e2cd2 (diff) | |
download | mailman2-0cee915eeb5f8f99ed036d257b1103c28373eb5b.tar.gz mailman2-0cee915eeb5f8f99ed036d257b1103c28373eb5b.tar.xz mailman2-0cee915eeb5f8f99ed036d257b1103c28373eb5b.zip |
CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery by
Moritz Naumann and most of the repair work done by Mark Sapiro (with some
additional work by Barry).
Diffstat (limited to '')
-rw-r--r-- | NEWS | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -13,6 +13,12 @@ Here is a history of user visible changes to Mailman. unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery. + - Fixed denial of service attack which can be caused by some + standards-breaking RFC 2231 formatted headers. CVE-2006-2941. + + - Several cross-site scripting issues have been fixed. Thanks to Moritz + Naumann for their discovery. CVE-2006-3636 + Internationalization - New languages: Arabic, Vietnamese. @@ -26,7 +32,7 @@ Here is a history of user visible changes to Mailman. - Switchboard.py - Closed very tiny holes at the upper ends of queue slices that could result in unprocessable queue entries. Improved FIFO processing when two queue entries have the same timestamp. - + 2.1.8 (15-Apr-2006) Security |