aboutsummaryrefslogtreecommitdiffstats
path: root/NEWS
diff options
context:
space:
mode:
authorbwarsaw <>2006-08-30 14:54:22 +0000
committerbwarsaw <>2006-08-30 14:54:22 +0000
commit0cee915eeb5f8f99ed036d257b1103c28373eb5b (patch)
tree1489a315aaa485d4c1aa91762b63a232fb23149d /NEWS
parent14bb48657eae40f5ef80adeebd021d6a186e2cd2 (diff)
downloadmailman2-0cee915eeb5f8f99ed036d257b1103c28373eb5b.tar.gz
mailman2-0cee915eeb5f8f99ed036d257b1103c28373eb5b.tar.xz
mailman2-0cee915eeb5f8f99ed036d257b1103c28373eb5b.zip
CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery by
Moritz Naumann and most of the repair work done by Mark Sapiro (with some additional work by Barry).
Diffstat (limited to '')
-rw-r--r--NEWS8
1 files changed, 7 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index ac4494d3..d7c7ac59 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,12 @@ Here is a history of user visible changes to Mailman.
unsuspecting administrator to visit a phishing site. This has been
blocked. Thanks to Moritz Naumann for its discovery.
+ - Fixed denial of service attack which can be caused by some
+ standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
+
+ - Several cross-site scripting issues have been fixed. Thanks to Moritz
+ Naumann for their discovery. CVE-2006-3636
+
Internationalization
- New languages: Arabic, Vietnamese.
@@ -26,7 +32,7 @@ Here is a history of user visible changes to Mailman.
- Switchboard.py - Closed very tiny holes at the upper ends of queue
slices that could result in unprocessable queue entries. Improved FIFO
processing when two queue entries have the same timestamp.
-
+
2.1.8 (15-Apr-2006)
Security