-
Committer:
Bazaar Package Importer
-
Author(s):
Martin Pitt
-
Date:
2006-09-12 21:29:14 UTC
-
Revision ID:
james.westby@ubuntu.com-20060912212914-ok3c35nf4izdz9f4
Tags: 1:2.1.8-2ubuntu2
* SECURITY UPDATE: XSS.
* Add debian/patches/security-CVE-2006-3636-XSS.dpatch:
- Fix various cross-site scripting vulnerabilities.
- Patch backported from svn head, thanks to Barry Warsaw for preparing it.
- CVE-2006-3636
* Add debian/patches/security-CVE-2006-2941.dpatch:
- Scrubber.py: Do not bail out if emails' get_filename() throws a
ValueError. This has been properly fixed in the next upstream email
package (in Python core), but the fix is very intrusive. Thanks to Steve
Alexander for discovering this and for the proposed patch.
- CVE-2006-2941
- Closes: LP#49620
* Add debian/patches/security-error_log.dpatch:
- Check characters in URL to prevent injecting bogus messages into
error_log.
- Patch taken from upstream SVN:
http://svn.sourceforge.net/viewvc/mailman?view=rev&revision=7918