[BlueOnyx:14804] Re: disable Mailman permanent

Michael Stauber mstauber at blueonyx.it
Fri Feb 28 15:05:45 -05 2014


Hi Eiji,

> The mailman is still original. Nothing is specified it.
> Also nobody knows mailman in the sites.
> 
> So there is a possibility of security holes around mailman, isn't there?

See for yourself:

# rpm -q --changelog mailman
* Mo Jul 30 2012 Jan Kaluza <jkaluza at redhat.com> 3:2.1.12-18
- fix #834023 - escape From in email body properly
- fix #832920 - fix word-wrap in web front-end
- fix #772998 - fix reset_pw.py script
- fix #799323 - handle urlhost in newlist script

* Fr Jun 24 2011 Jan Kaluza <jkaluza at redhat.com> 3:2.1.12-17
- fix #703389 - fixed file permissions in /usr/lib/mailman
- fix #636825 - fix #!/usr/bin/env python shebang in migrate-fhs
- fix #704699 - fixed directories permissions in /usr/lib/mailman
- fix #684622 - do not create and install /etc/mailman/mm_cfg.pyc and pyo files

* Di Feb 22 2011 Jan Kaluza <jkaluza at redhat.com> 3:2.1.12-16
- fix #677849 - fixed build problem without brew

* Mo Feb 21 2011 Jan Kaluza <jkaluza at redhat.com> 3:2.1.12-15
- fix #677849 - fixed CVE-2010-3089 and CVE-2011-0707

* Mo Jun 21 2010 Jan Kaluza <jkaluza at redhat.com> 3:2.1.12-14
- fix #606311 - better RedirectMatch for default httpd-mailman.conf

* Do Jun 17 2010 Jan Kaluza <jkaluza at redhat.com> 3:2.1.12-13
- fix #605171 - fix instances of #!/usr/bin/env python in mailman

* Mo Jun 14 2010 Jan Kaluza <jkaluza at redhat.com> 3:2.1.12-12
- fix #603635 - break CC field correctly

* Di Apr 20 2010 Daniel Novotny <dnovotny at redhat.com> 3:2.1.12-11
-fix #583967 - mailman-update-cfg script should use %{mmdir}, not %{_libdir}

* Mo Mär 22 2010 Daniel Novotny <dnovotny at redhat.com> 3:2.1.12-10
- fix #575702 - Pull recent enhancements from Rawhide

* Mo Nov 30 2009 Dennis Gregorovic <dgregor at redhat.com> - 3:2.1.12-9.1
- Rebuilt for RHEL 6

* Di Jul 28 2009 Daniel Novotny <dnovotny at redhat.com> 3:2.1.12-9
- regenerated patches so patch fuzz 3 is not needed (bz#513207)

- mm_cfg.pyc and .pyo are now %verify(not md5 size mtime) (bz#512794)

[...]

-- 
With best regards

Michael Stauber