The 2.1.10 security enhancements have been assigned a new CVE. Updated

NEWS accordingly.
author: Mark Sapiro <mark@msapiro.net> 2008-02-04 17:47:24 -0800
committer: Mark Sapiro <mark@msapiro.net> 2008-02-04 17:47:24 -0800
commit: f05065b0111adaa311ab909c29c1b93bd34451fc (patch)
tree: 81499a5030557e3a882bc9bd0385683fcf6173ee /NEWS
parent: 3343bcb6b4c980f9296964800201d577d5e56194 (diff)
download: mailman2-f05065b0111adaa311ab909c29c1b93bd34451fc.tar.gz
mailman2-f05065b0111adaa311ab909c29c1b93bd34451fc.tar.xz
mailman2-f05065b0111adaa311ab909c29c1b93bd34451fc.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/NEWS b/NEWS
index 68b2d0af..1a11b661 100644
--- a/NEWS
+++ b/NEWS
@@ -8,11 +8,11 @@ Here is a history of user visible changes to Mailman.
 
   Security
 
-    - The 2.1.9 fixes for CVE-2006-3636 have been enhanced.  In particular,
-      many potential cross-site scripting attacks have are now detected in
+    - The 2.1.9 fixes for CVE-2006-3636 were not complete.  In particular,
+      some potential cross-site scripting attacks were not detected in
       editing templates and updating the list's info attribute via the web
-      admin interface.  Thanks again to Moritz Naumann for assistance with
-      this.
+      admin interface.  This has been assigned CVE-2008-0564 and has been
+      fixed.  Thanks again to Moritz Naumann for assistance with this.
 
   New Features
author	Mark Sapiro <mark@msapiro.net>	2008-02-04 17:47:24 -0800
committer	Mark Sapiro <mark@msapiro.net>	2008-02-04 17:47:24 -0800
commit	f05065b0111adaa311ab909c29c1b93bd34451fc (patch)
tree	81499a5030557e3a882bc9bd0385683fcf6173ee /NEWS
parent	3343bcb6b4c980f9296964800201d577d5e56194 (diff)
download	mailman2-f05065b0111adaa311ab909c29c1b93bd34451fc.tar.gz mailman2-f05065b0111adaa311ab909c29c1b93bd34451fc.tar.xz mailman2-f05065b0111adaa311ab909c29c1b93bd34451fc.zip