Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 211676

Summary: CVE-2006-4624 mailman 2.1.9 needed (CVE-2006-3636 CVE-2006-2941)
Product: [Retired] Fedora Legacy
Reporter: Matthew Miller <mattdm>
Component: mailman
Assignee: Fedora Legacy Bugs <bugs>
Status: CLOSED CANTFIX
Severity: medium
Priority: medium
Version: fc3
CC: deisenst, martin.marques, sheltren
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: LEGACY, 3, 4, NEEDSWORK
Doc Type: Bug Fix
Last Closed: 2007-04-10 19:14:25 UTC
Bug Depends On: 209891

Description Matthew Miller 2006-10-20 19:01:19 UTC
+++ This bug was initially created as a clone of Bug #209891 +++

Cloning for FC3.

+++ This bug was initially created as a clone of Bug #206607 +++

FC6 needs mailman 2.1.9 to correct CVE-2006-4624, CVE-2006-3636, CVE-2006-2941

-------------------------
This bug is for FC3 and FC4.  Upgrading to mailman 2.1.9 will correct these
vulnerabilities.

Comment 1 David Eisenstein 2006-10-21 08:49:07 UTC
Oh okay.  I guess I thought it was simpler to track a single issue in 
just one bug report, but I guess splitting them out may help ... ?  I
hope it does.

Comment 2 David Eisenstein 2006-11-15 06:51:12 UTC
The current version of the .src.rpm is

   mailman-2.1.5-32.fc3.src.rpm

at

<http://download.fedoralegacy.org/fedora/3/updates/SRPMS/mailman-2.1.5-32.fc3.src.rpm>


Comment 3 Martín Marqués 2006-11-18 10:43:29 UTC
Can someone check the src.rpm I made with the latest mailman from legacy and
the patches from RHEL?

http://bugs.unl.edu.ar/~martin/mailman-2.1.5-33.fc3.legacy.src.rpm

Looks OK, and all I did was add the patches. Check it and tell me if there is
something wrong.

Comment 4 Jeff Sheltren 2006-11-18 13:51:14 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

52fdd358c0c0fdab46790bdb1d9afa5cc1831c9a  mailman-2.1.5-33.fc3.legacy.src.rpm

Spec file changes are minimal and OK, but missing a changelog entry

Sources match those from latest FC3 package

New patches match EL4 patches

However, there are a few issues fixed in the EL4 package which
we should probably fix here as well:
CVE-2005-3573, CVE-2005-4153, CVE-2006-0052

Bug #193843 has these listed already...

Martin, your package looks pretty good although you should add a changelog
entry.  I'd also like to fix the other CVEs I listed above before releasing
a mailman update, so if you want to patch those as well, I'll be glad
to QA your updated package.

Also, when posting package or QA feedback on packages, we try
to list the sha1sum for the package and also gpg --clearsign
your entire message.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFXw9dKe7MLJjUbNMRAmVhAJ0ZeqU7rLdibr+5wa960u5BTw5Y/QCgs1NS
TkLhp2bYvScUd2J2KLn5n6E=
=CdyK
-----END PGP SIGNATURE-----

Comment 5 Jeff Sheltren 2006-11-18 13:52:23 UTC
Oops, I forgot to mention, we should also be patching CVE-2006-4624 which is
listed in the title of this bug report :)

Comment 6 Matthew Miller 2007-04-10 19:14:25 UTC
Fedora Core 3 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.