From 0cee915eeb5f8f99ed036d257b1103c28373eb5b Mon Sep 17 00:00:00 2001 From: bwarsaw <> Date: Wed, 30 Aug 2006 14:54:22 +0000 Subject: CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery by Moritz Naumann and most of the repair work done by Mark Sapiro (with some additional work by Barry). --- NEWS | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index ac4494d3..d7c7ac59 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,12 @@ Here is a history of user visible changes to Mailman. unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery. + - Fixed denial of service attack which can be caused by some + standards-breaking RFC 2231 formatted headers. CVE-2006-2941. + + - Several cross-site scripting issues have been fixed. Thanks to Moritz + Naumann for their discovery. CVE-2006-3636 + Internationalization - New languages: Arabic, Vietnamese. @@ -26,7 +32,7 @@ Here is a history of user visible changes to Mailman. - Switchboard.py - Closed very tiny holes at the upper ends of queue slices that could result in unprocessable queue entries. Improved FIFO processing when two queue entries have the same timestamp. - + 2.1.8 (15-Apr-2006) Security -- cgit v1.2.3
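Review bot: The CVE-2006-3636 entry added in the first NEWS hunk says only "Several cross-site scripting issues have been fixed" and does not name the affected pages or inputs, so an administrator reading NEWS cannot judge exposure or check that an upgrade covers them; consider listing the affected components. The same hunk also adds a CVE-2006-2941 denial-of-service entry that the commit subject does not mention, and the two entries end inconsistently ("CVE-2006-2941." with a period, "CVE-2006-3636" without).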
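Review bot: In the second hunk, between the Switchboard.py entry and the "2.1.8 (15-Apr-2006)" heading, one line is removed and one added with no visible text on either, which looks like a whitespace-only cleanup. It is unrelated to the security entries, so moving it to a separate commit would keep this change limited to the CVE notes and easier to audit or backport.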