path: root/NEWS
author bwarsaw <> 2006-09-11 12:13:08 +0000
committer bwarsaw <> 2006-09-11 12:13:08 +0000
commit 374e50f91ac9675589a9752322f0a42069ebd9c3
tree 88de4e372fad2990bf7596d68ef4396de1b66f94 /NEWS
parent b214da0b5df97023c56fbb5619b553dff93faf7d
Fix an unexploitable format string vulnerability. Even though unexploitable,
it's still crappy coding that should be fixed. CVE-2006-2191. Thanks go to Karl Chen, Martin 'Joey' Schulze, and Elie Mamane.
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 4
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 995c2cfd..d22baa65 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,10 @@ Here is a history of user visible changes to Mailman.
- Several cross-site scripting issues have been fixed. Thanks to Moritz
Naumann for their discovery. CVE-2006-3636
+ - Fixed an unexploitable format string vulnerability. Discovery and fix
+ by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze.
+ Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
+
Internationalization
- New languages: Arabic, Vietnamese.
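Review bot: the added entry names the bug class and CVE-2006-2191 but not the affected component or script, so an administrator reading NEWS cannot tell which part of Mailman was changed; consider naming the module in the first sentence of the entry. The credit reads "Lionel Elie Mamane" here while the commit message says "Elie Mamane"; use one form in both places. Minor style point: the preceding entry ends with "CVE-2006-3636" and no full stop, while this one ends with "CVE-2006-2191." and has one.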