Bug 211676 - CVE-2006-4624 mailman 2.1.9 needed (CVE-2006-3636 CVE-2006-2941)
CVE-2006-4624 mailman 2.1.9 needed (CVE-2006-3636 CVE-2006-2941)
Product: Fedora Legacy
Classification: Retired
Component: mailman (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
: Security
Depends On: 209891
  Show dependency treegraph
Reported: 2006-10-20 15:01 EDT by Matthew Miller
Modified: 2007-04-18 13:51 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-04-10 15:14:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Matthew Miller 2006-10-20 15:01:19 EDT
+++ This bug was initially created as a clone of Bug #209891 +++

Cloning for FC3.

+++ This bug was initially created as a clone of Bug #206607 +++

FC6 needs mailman 2.1.9 to correct CVE-2006-4624, CVE-2006-3636, CVE-2006-2941

This bug is for FC3 and FC4.  Upgrading to mailman 2.1.9 will correct these
Comment 1 David Eisenstein 2006-10-21 04:49:07 EDT
Oh okay.  I guess I thought it was simpler to track a single issue in 
just one bug report, but I guess splitting them out may help ... ?  I
hope it does.
Comment 2 David Eisenstein 2006-11-15 01:51:12 EST
The current version of the .src.rpm is



Comment 3 Martí­n Marqués 2006-11-18 05:43:29 EST
Can someone check the src.rpm I made with the lateest mailman from legacy and
the patches from RHEL?


Looks OK, and all I did was add the patches. Check it and tell me if there is
something wrong.
Comment 4 Jeff Sheltren 2006-11-18 08:51:14 EST
Hash: SHA1

52fdd358c0c0fdab46790bdb1d9afa5cc1831c9a  mailman-2.1.5-33.fc3.legacy.src.rpm

Spec file changes are mimimal and OK, but missing a changelog entry

Sources match those from latest FC3 package

New patches match EL4 patches

However, there are a few issues fixed in the EL4 package which
we should probably fix here as well:
CVE-2005-3573, CVE-2005-4153, CVE-2006-0052

Bug #193843 has these listed already...

Martin, your package looks pretty good although you should add a changelog
entry.  I'd also like to fix the other CVEs I listed above before releasing
a mailman update, so if you want to patch those as well, I'll be glad
to QA your updated package.

Also, when posting package or QA feedback on packages, we try
to list the sha1sum for the package and also gpg --clearsign
your entire message.
Version: GnuPG v1.4.5 (Darwin)

Comment 5 Jeff Sheltren 2006-11-18 08:52:23 EST
Oops, I forgot to mention, we should also be patching CVE-2006-4624 which is
listed in the title of this bug report :)
Comment 6 Matthew Miller 2007-04-10 15:14:25 EDT
Fedora Core 3 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.

Note You need to log in before you can comment on or make changes to this bug.