From 5fa7ac242892ad3ddf4762a7e1b544022d8e61c8 Mon Sep 17 00:00:00 2001 From: msapiro <> Date: Mon, 12 Dec 2005 01:06:02 +0000 Subject: Fixes for bug 1080943. Add error response for ./ and ../ in URL --- NEWS | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index b541bc63..1e988d7f 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,9 @@ Here is a history of user visible changes to Mailman. Security + - The fix for CAN-2005-0202 has been enhanced to issue an appropriate + message instead of just quietly dropping ./ and ../ from URLs. + - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has been solved in mailman-2.1.6, there may be more cases where ToDigest.send_digests() can block regular delivery. @@ -42,6 +45,8 @@ Here is a history of user visible changes to Mailman. Bug fixes and other patches + - Fix private.py to go to the original URL after authorization (1080943). + - Fix bounce log score messages to be more consistent. - Fix bin/remove_members to accept no arguments when both --fromall and -- cgit v1.2.3
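Review bot: In the first NEWS hunk (the Security entry for CAN-2005-0202), "an appropriate message" does not tell an administrator what changed in behaviour or where. The commit subject calls it an "error response for ./ and ../ in URL", so the entry could say that such requests are now answered with an error rather than being served after the path components are dropped, and name the script or scripts it applies to, as the bug-fix entry does for private.py. The entry also carries no bug number, although the subject files this work under 1080943.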
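Review bot: In the second NEWS hunk (the "Fix private.py to go to the original URL after authorization (1080943)" entry), the text does not say how the original URL is checked before the post-authorization redirect. Since the same commit adds an error response for ./ and ../ in URLs, it would help to state here, or in the commit message, that the URL returned to after login passes through that same check. Only the NEWS part of the change is shown, so this cannot be confirmed from the visible lines.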