[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Fw: Mailman vulnerability

----- Original Message ----- 
From: "Martin Marques" <martin bugs unl edu ar>
To: "Discussion of the Fedora Legacy Project" <fedora-legacy-list redhat com>
Sent: Saturday, October 07, 2006 9:51 AM
Subject: Re: Mailman vulnerability

> On Thu, 5 Oct 2006, Michal Jaegermann wrote:
> > On Thu, Oct 05, 2006 at 09:19:48AM -0300, Martin Marques wrote:
> >> I have a FC4 web server installed and got this mailman report:
> >>
> >> http://www.securityfocus.com/bid/19831/discuss
> >>
> >> Is it to worry?
> >
> > Probably.  See also http://rhn.redhat.com/errata/RHSA-2006-0600.html
> >
> > FC4 is using mailman-2.1.5-35 so fixes in sources used by
> Nop.
> # rpm -qa | grep mailman
> mailman-2.1.8-0.FC4.1
> > RHEL4, as specified by RHSA-2006-0600, will likely apply directly
> > or after minimal modifications.  You can produce your own
> > update before something general eventually will show up.
> > Add patches, edit specs and rebuild rpm.

Hi Martin!

Our emails must have crossed, so mine was at cross-purposes to what you
just wrote.  :)

> I'm getting the source rpm, and I'll try to apply the patch.
> Do I submit the src.rpm afterwards?

Yes!  If you get the patched mailman-2.1.8-0.FC4.1 to work okay with the
patches, please do post the .src.rpm on the web, and let us know you have
done so in Bugzilla Bug #209891!  We can then test & QA it and work on
getting it released to updates.

Thanks!  --David

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]