Notes: Mailman 2.1.9rc1 is released. This is a bug fix and security release, but it should not yet be used in a production environment. Testing is encouraged and feedback is welcome. Mailman 2.1.9 final is scheduled for release on 10-Sep-2006.
Changes:

2.1.9 (xx-xxx-xxxx)

  Security

    - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery.

    - Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941.

    - Several cross-site scripting issues have been fixed. Thanks to Moritz Naumann for their discovery. CVE-2006-3636

  Internationalization

    - New languages: Arabic, Vietnamese.

  Bug fixes and other patches

    - Fixed Decorate.py so that characters in message header/footer which are not in the character set of the list's language are ignored rather than causing shunted messages (1507248).

    - Switchboard.py - Closed very tiny holes at the upper ends of queue slices that could result in unprocessable queue entries. Improved FIFO processing when two queue entries have the same timestamp.