Red Hat Bugzilla – Bug 211676
CVE-2006-4624 mailman 2.1.9 needed (CVE-2006-3636 CVE-2006-2941)
Last modified: 2007-04-18 13:51:23 EDT
+++ This bug was initially created as a clone of Bug #209891 +++
Cloning for FC3.
+++ This bug was initially created as a clone of Bug #206607 +++
FC6 needs mailman 2.1.9 to correct CVE-2006-4624, CVE-2006-3636, CVE-2006-2941
This bug is for FC3 and FC4. Upgrading to mailman 2.1.9 will correct these
Oh okay. I guess I thought it was simpler to track a single issue in
just one bug report, but I guess splitting them out may help ... ? I
hope it does.
The current version of the .src.rpm is
Can someone check the src.rpm I made with the latest mailman from legacy and
the patches from RHEL?
Looks OK, and all I did was add the patches. Check it and tell me if there is
-----BEGIN PGP SIGNED MESSAGE-----
Spec file changes are minimal and OK, but missing a changelog entry
Sources match those from latest FC3 package
New patches match EL4 patches
However, there are a few issues fixed in the EL4 package which
we should probably fix here as well:
CVE-2005-3573, CVE-2005-4153, CVE-2006-0052
Bug #193843 has these listed already...
Martin, your package looks pretty good although you should add a changelog
entry. I'd also like to fix the other CVEs I listed above before releasing
a mailman update, so if you want to patch those as well, I'll be glad
to QA your updated package.
Also, when posting package or QA feedback on packages, we try
to list the sha1sum for the package and also gpg --clearsign
your entire message.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
-----END PGP SIGNATURE-----
Oops, I forgot to mention, we should also be patching CVE-2006-4624 which is
listed in the title of this bug report :)
Fedora Core 3 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.