Debian
mailman package

Change logs for mailman source package in Stretch

  1. Stretch (9.0)
  2. Change log 
  • mailman (1:2.1.23-1+deb9u5) stretch-security; urgency=high

  * Upload to strech for security issue.
  * Fix stored cross site scripting in attachment extensions. 

 -- Thijs Kinkhorst <email address hidden>  Thu, 23 Apr 2020 17:48:05 +0200
  • mailman (1:2.1.23-1+deb9u4) stretch; urgency=medium

  * Non-maintainer upload.
  * Arbitrary text injection vulnerability in Mailman CGIs (CVE-2018-13796)
    (Closes: #903674)

 -- Salvatore Bonaccorso <email address hidden>  Mon, 03 Sep 2018 22:00:38 +0200
  • mailman (1:2.1.23-1+deb9u2) stretch-security; urgency=high

  * CVE-2018-5950: XSS and information leak in user options.
    (Closes: #888201)

 -- Thijs Kinkhorst <email address hidden>  Thu, 08 Feb 2018 07:54:28 +0100
  • mailman (1:2.1.23-1+deb9u1) stretch; urgency=medium

  * Fixed broken dependencies in SpamAssassin.py (Closes: #838288).   
    Thanks Stephen Rothwell for the patch.

 -- Thijs Kinkhorst <email address hidden>  Thu, 14 Sep 2017 12:23:04 +0200
  • mailman (1:2.1.23-1) unstable; urgency=medium

  * New upstream release.
    - Fixes CSRF in user options (CVE-2016-6893, closes: #835970).

 -- Thijs Kinkhorst <email address hidden>  Tue, 13 Sep 2016 16:01:59 +0000
  • mailman (1:2.1.22-1) unstable; urgency=medium

  * New upstream release. (Closes: #821367)
  * Checked for policy 3.9.8, no changes.

 -- Thijs Kinkhorst <email address hidden>  Mon, 25 Apr 2016 16:39:06 +0000
  • mailman (1:2.1.20-1) unstable; urgency=medium

  * New upstream release. (Closes: #779911)
    - Drop obsolete patches:
      92_CVE-2015-2775.patch
  * Checked for policy 3.9.6, no changes.
  * Update to debhelper compat level 9.
  * Make postfix-to-mailman.py work with the full recipient email
    address, solving an issue when recipient_delimiter = "-".
    To take advantage of this, change "${user}" to "${recipient}"
    in Postfix' master.cf. Patch by Brian O'Connor. (Closes: #578986)
  * Make package build reproducibly by using install instead of cp
    for installing qmail-to-mailman.py. Patch by Jérémy Bobbio.
    (Closes: #783151)
  * Update example apache.conf for Apache 2.4.
  * Add cron-daemon as dependency alternative to cron. (Closes: #785193)

 -- Thijs Kinkhorst <email address hidden>  Thu, 14 May 2015 14:09:42 +0000
  • mailman (1:2.1.18-2) unstable; urgency=high


  * Fix security issue: path traversal through local_part.
    Affects installations which use an Exim or Postfix transport
    instead of fixed aliases; attacker needs to be able to place
    files on the local filesystem.
    (CVE-2015-2775, Closes: 781626)

 -- Thijs Kinkhorst <email address hidden>  Mon, 06 Apr 2015 15:36:15 +0000