Fw: Mailman vulnerability
David Eisenstein
deisenst at gtw.net
Sat Oct 7 15:36:19 UTC 2006
----- Original Message -----
From: "Martin Marques" <martin at bugs.unl.edu.ar>
To: "Discussion of the Fedora Legacy Project" <fedora-legacy-list at redhat.com>
Sent: Saturday, October 07, 2006 9:51 AM
Subject: Re: Mailman vulnerability
> On Thu, 5 Oct 2006, Michal Jaegermann wrote:
>
> > On Thu, Oct 05, 2006 at 09:19:48AM -0300, Martin Marques wrote:
> >> I have a FC4 web server installed and got this mailman report:
> >>
> >> http://www.securityfocus.com/bid/19831/discuss
> >>
> >> Is it to worry?
> >
> > Probably. See also http://rhn.redhat.com/errata/RHSA-2006-0600.html
> >
> > FC4 is using mailman-2.1.5-35 so fixes in sources used by
>
> Nop.
>
> # rpm -qa | grep mailman
> mailman-2.1.8-0.FC4.1
>
> > RHEL4, as specified by RHSA-2006-0600, will likely apply directly
> > or after minimal modifications. You can produce your own
> > update before something general eventually will show up.
> > Add patches, edit specs and rebuild rpm.
>
Hi Martin!
Our emails must have crossed, so mine was at cross-purposes to what you
just wrote. :)
> I'm getting the source rpm, and I'll try to apply the patch.
>
> Do I submit the src.rpm afterwards?
Yes! If you get the patched mailman-2.1.8-0.FC4.1 to work okay with the
patches, please do post the .src.rpm on the web, and let us know you have
done so in Bugzilla Bug #209891! We can then test & QA it and work on
getting it released to updates.
Thanks! --David
More information about the fedora-legacy-list
mailing list