Mailman vulnerability

Martin Marques martin at bugs.unl.edu.ar
Wed Nov 8 11:45:40 UTC 2006


On Thu, 5 Oct 2006, Michal Jaegermann wrote:

> On Thu, Oct 05, 2006 at 09:19:48AM -0300, Martin Marques wrote:
>> I have an FC4 web server installed and got this mailman report:
>>
>> http://www.securityfocus.com/bid/19831/discuss
>>
>> Is it something to worry about?
>
> Probably.  See also http://rhn.redhat.com/errata/RHSA-2006-0600.html
>
> FC4 is using mailman-2.1.5-35 so fixes in sources used by
> RHEL4, as specified by RHSA-2006-0600, will likely apply directly
> or after minimal modifications.  You can produce your own
> update before something general eventually will show up.
> Add patches, edit specs and rebuild rpm.

Sorry for the delay. I'm working on this right now. But I found that 
patches for RHEL are for mailman 2.1.5 and we are on 2.1.8, making patches 
fail. So I'm trying to build new patches based on the RHEL ones.

Would you people like to see the patches first or do I send the src.rpm?

--
  21:50:04 up 2 days,  9:07,  0 users,  load average: 0.92, 0.37, 0.18
---------------------------------------------------------
Lic. Martín Marqués         |   SELECT 'mmarques' ||
Centro de Telemática        |       '@' || 'unl.edu.ar';
Universidad Nacional        |   DBA, Programador,
     del Litoral             |   Administrador
---------------------------------------------------------


More information about the fedora-legacy-list mailing list