-
mailman (1:2.1.23-1+deb9u5) stretch-security; urgency=high
* Upload to strech for security issue.
* Fix stored cross site scripting in attachment extensions.
-- Thijs Kinkhorst <email address hidden> Thu, 23 Apr 2020 17:48:05 +0200
-
mailman (1:2.1.23-1+deb9u4) stretch; urgency=medium
* Non-maintainer upload.
* Arbitrary text injection vulnerability in Mailman CGIs (CVE-2018-13796)
(Closes: #903674)
-- Salvatore Bonaccorso <email address hidden> Mon, 03 Sep 2018 22:00:38 +0200
-
mailman (1:2.1.23-1+deb9u2) stretch-security; urgency=high
* CVE-2018-5950: XSS and information leak in user options.
(Closes: #888201)
-- Thijs Kinkhorst <email address hidden> Thu, 08 Feb 2018 07:54:28 +0100
-
mailman (1:2.1.23-1+deb9u1) stretch; urgency=medium
* Fixed broken dependencies in SpamAssassin.py (Closes: #838288).
Thanks Stephen Rothwell for the patch.
-- Thijs Kinkhorst <email address hidden> Thu, 14 Sep 2017 12:23:04 +0200
-
mailman (1:2.1.23-1) unstable; urgency=medium
* New upstream release.
- Fixes CSRF in user options (CVE-2016-6893, closes: #835970).
-- Thijs Kinkhorst <email address hidden> Tue, 13 Sep 2016 16:01:59 +0000
-
mailman (1:2.1.22-1) unstable; urgency=medium
* New upstream release. (Closes: #821367)
* Checked for policy 3.9.8, no changes.
-- Thijs Kinkhorst <email address hidden> Mon, 25 Apr 2016 16:39:06 +0000
-
mailman (1:2.1.20-1) unstable; urgency=medium
* New upstream release. (Closes: #779911)
- Drop obsolete patches:
92_CVE-2015-2775.patch
* Checked for policy 3.9.6, no changes.
* Update to debhelper compat level 9.
* Make postfix-to-mailman.py work with the full recipient email
address, solving an issue when recipient_delimiter = "-".
To take advantage of this, change "${user}" to "${recipient}"
in Postfix' master.cf. Patch by Brian O'Connor. (Closes: #578986)
* Make package build reproducibly by using install instead of cp
for installing qmail-to-mailman.py. Patch by Jérémy Bobbio.
(Closes: #783151)
* Update example apache.conf for Apache 2.4.
* Add cron-daemon as dependency alternative to cron. (Closes: #785193)
-- Thijs Kinkhorst <email address hidden> Thu, 14 May 2015 14:09:42 +0000
-
mailman (1:2.1.18-2) unstable; urgency=high
* Fix security issue: path traversal through local_part.
Affects installations which use an Exim or Postfix transport
instead of fixed aliases; attacker needs to be able to place
files on the local filesystem.
(CVE-2015-2775, Closes: 781626)
-- Thijs Kinkhorst <email address hidden> Mon, 06 Apr 2015 15:36:15 +0000