mailman (2.0.11-1woody11) stable-security; urgency=high * Non-maintainer upload by the Security Team * Rewrote patch to fix directory traversal (CAN-2005-0202) so it will work with Python 1.5 as well since that's the lowest requirement for mailman in Debian/stable and since Python 1.5.2 doesn't do list comprehensions [Mailman/Cgi/private.py] -- Martin Schulze Fri, 18 Feb 2005 12:57:31 +0100 mailman (2.0.11-1woody10) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected the directory traversal vulnerability [Mailman/Cgi/private.py, CAN-2005-0202] -- Martin Schulze Thu, 10 Feb 2005 16:26:19 +0100 mailman (2.0.11-1woody9) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch by Barry Warsaw to fix a remote directory traversal vulnerability [Mailman/Cgi/private.py, CAN-2005-0202] * Backported upstream patch to fix cross-site scripting vulnerability [Mailman/Utils.py, scripts/driver, CAN-2004-1177] -- Martin Schulze Wed, 9 Feb 2005 20:20:48 +0100 mailman (2.0.11-1woody8) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix a bug introduced in 2.0.11-1woody7 which caused a crash on messages with no Subject header at all (Closes: #232079) -- Matt Zimmerman Wed, 11 Feb 2004 08:49:47 -0800 mailman (2.0.11-1woody7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix potential cross-site scripting in admin interface (CAN-2003-0965) [Mailman/Cgi/admin.py] * Does not seem to be vulnerable to CAN-2003-0992 (cross-site scripting in create.py) * Fix a cross-site scripting vulnerability that is similar to CAN-2003-0038, but possibly not quite the same -- Matt Zimmerman Fri, 6 Feb 2004 12:07:56 -0800 mailman (2.0.11-1woody6) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Matthew Galgoci to fix a denial of service [Mailman/MailCommandHandler.py, CAN-2003-0991] -- Martin Schulze Sun, 1 Feb 2004 18:20:42 +0100 mailman (2.0.11-1woody5) stable; urgency=medium * Non-maintainer upload by stable release manager * Fixed permissions on /var/lock/mailman which rendered the package in stable unusable -- Martin Schulze Sun, 8 Sep 2002 20:40:24 +0200 mailman (2.0.11-1woody4) stable-security; urgency=low * Security team NMU * Apply security fixes from 2.0.12: * Increment version number due to upload SNAFU -- Matt Zimmerman Sun, 25 Aug 2002 14:56:28 -0400 mailman (2.0.11-1woody3) stable-security; urgency=low * Security team NMU * Fix an inadvertent python2.x dependency which crept in in 1woody2 -- Matt Zimmerman Fri, 23 Aug 2002 18:39:02 -0400 mailman (2.0.11-1woody2) stable-security; urgency=low * Security team NMU * Apply security fixes from 2.0.12: - Implemented a guard against some reply loops and 'bot subscription attacks. Specifically, if a message to -request has a Precedence: bulk (or list, or junk) header, the command is ignored. Well-behaved 'bots should always include such a header. - Closed another minor cross-site scripting vulnerability. -- Matt Zimmerman Thu, 1 Aug 2002 19:37:32 -0400 mailman (2.0.11-1woody1) testing-security; urgency=high * Rebuilt for Woody, fixes CSS problem. -- Jordi Mallach Mon, 1 Jul 2002 11:55:15 +0200 mailman (2.0.11-2) unstable; urgency=low * Move qrunner's lock files to /var/lock/mailman (closes: #148667) -- Tollef Fog Heen Mon, 3 Jun 2002 11:24:04 +0200 mailman (2.0.11-1) unstable; urgency=high * New upstream release (closes: #147566, 146168) - fixes CSS problem * Add spanish template (closes: #143524) -- Tollef Fog Heen Tue, 21 May 2002 19:23:25 +0200 mailman (2.0.10-1) unstable; urgency=low * New upstream release (closes: #146168) -- Tollef Fog Heen Mon, 20 May 2002 22:47:53 +0200 mailman (2.0.9-2) unstable; urgency=low * Add qmail blurb to README.Debian * Fix a strange character in the postinst, one of those 0xa0 chars. -- Tollef Fog Heen Thu, 18 Apr 2002 11:54:07 +0200 mailman (2.0.9-1) unstable; urgency=high * New upstream release, fixes possible security problem * Fix bashism in config script (closes: #140949) * Remove /etc/cron.d mailman on purge (closes: #140908) * Add French Debconf template (closes: #139909) * Fix broken HTML (this really needs more work, but I don't have time for this before woody) (closes: #140492) * Fix typo in help for sync_members (closes: #140647) * Fix typo in rmlist (--archive instead of --archives) (closes: #140466) * Skip CVS directories in /etc/mailman. This is according to an IRC discussion with the bug submitter. (closes: #139171) -- Tollef Fog Heen Tue, 9 Apr 2002 00:02:26 +0200 mailman (2.0.8-4) unstable; urgency=low * Support DEBIAN_FRONTEND=noninteractive as well, thanks to Petter Reinholdtsen for the patch. (closes: #137352) * Add russian template (closes: #136928) * Remove BGCOLOR from the template file (closes: #59354) * Add qmail-to-mailman.py into the examples directory, and also fix the script a little bit according to the bug. (closes: #138962) -- Tollef Fog Heen Mon, 11 Mar 2002 21:44:00 +0100 mailman (2.0.8-3) unstable; urgency=low * Support upgrading of lists with spaces in their names. (closes: #122913) * Merge changelog from stable * Add documentation workaround when upgrading python. Please seee README.Debian (closes: #117969) * Fix config script so that it actually is able to detect whether gate_news is commented out or not. (closes: #129720) * Fix cgi-path in Defaults.py.in (closes: #127069) * remove /var/log/mailman on purge (closes: #131212) -- Tollef Fog Heen Tue, 29 Jan 2002 19:19:24 +0100 mailman (2.0.8-2) unstable; urgency=low * Remove Pre-Depends (should have been removed a long time ago) -- Tollef Fog Heen Thu, 6 Dec 2001 19:34:03 +0100 mailman (2.0.8-1) unstable; urgency=low * New upstream release -- Tollef Fog Heen Wed, 28 Nov 2001 17:40:56 +0100 mailman (2.0.7-3) unstable; urgency=low * Fix bashism in postinst. -- Tollef Fog Heen Wed, 28 Nov 2001 17:40:18 +0100 mailman (2.0.7-2) unstable; urgency=low * Add german template (closes: #118958) * Add missing for loop in cron/mailpasswds and reindent (closes: #120366) * Removed archives from the list of cgis built, since this confused someone. (closes: #120489) -- Tollef Fog Heen Thu, 22 Nov 2001 11:49:57 +0100 mailman (2.0.7-1) unstable; urgency=high * New upstream release (closes: #118991) -- Tollef Fog Heen Mon, 12 Nov 2001 19:30:57 +0100 mailman (2.0.6-5) unstable; urgency=low * Remove debconf note and add low priority question whether Mailman should gate news or not. * Make /etc/cron.d/mailman a configuration file instead of a conffile, this allows us to change the debconf note into a question, which isn't such a misuse of debconf notes. -- Tollef Fog Heen Sat, 10 Nov 2001 02:01:50 +0100 mailman (2.0.6-4) unstable; urgency=low * Fix typo in cron/mailpasswds (closes: #118014) * Fix indentation in cron/mailpasswds (closes: #117903) * Fix typo in postinst (closes: #117888, #117860) * Fix typo in templates * Fix python in preinst, use id instead. (closes: #118024) -- Tollef Fog Heen Fri, 2 Nov 2001 16:24:16 +0100 mailman (2.0.6-3) unstable; urgency=low * Add note about cookies and default URLs. * Clarification to README.Debian concerning IMAGE_LOGOS (closes: #114222) * Fix spelling in copyright * Add /etc/mailman/headfoot.html as a conffile * Remove the patch for per-user monthly password reminders, this is fixed in a different way in mailman 2.1, and it caused a lot of problems. (closes: #102970) * Make it work with both Python 2.x and Python 1.5 by fixing postinst. (closes: #116970, #116233) * Fix preinst to use the system functions to chech whether the user exists or not, instead of grepping /etc/{passwd,group} (closes: #117495) * Add debconf note explaining that gate_news is now commented out. (closes: #116677) * Change dependencies to just depend on python instead of python-base. -- Tollef Fog Heen Tue, 30 Oct 2001 10:03:37 +0100 mailman (2.0.6-2) unstable; urgency=low * Fix patch in ToUsenet.py, which fixes a traceback (closes: #110286) * Make the default value for sending out reminders == -1, which makes the list's value the default, but is overriddable by the user. (closes: #111534) * Fix List-Id on monthly reminders (closes: #111078) -- Tollef Fog Heen Tue, 28 Aug 2001 17:09:24 +0200 mailman (2.0.6-1) unstable; urgency=medium * New upstream release with security fix (closes: #106783) * Comment out gate-news from default crontab and add note to README.Debian (closes: 64809) -- Tollef Fog Heen Fri, 3 Aug 2001 09:01:18 +0200 mailman (2.0.5-2) unstable; urgency=medium * updated description (thanks Greg Ward) * fix a potential problem when gatewaying lists between news and mail, thanks to Jürgen A. Erhard. * Fix up IMAGE_LOGOS in Defaults.py, which might make it easier on those upgrading, where IMAGE_LOGOS is not set in mm_cfg.py * Fix a potential short-term security problem where /var/lib/mailman/data/pending_subscriptions.db was world readable. (Closes: #105998) -- Tollef Fog Heen Mon, 23 Jul 2001 10:47:18 +0200 mailman (2.0.5-1) unstable; urgency=low * New upstream release * Changed build depends, we now depend on debhelper > 3.0, as we use dh_installman. (closes: #97070) * Fixed a grammatical error in templates/subscribeack.txt. (closes: #97183) -- Tollef Fog Heen Thu, 24 May 2001 22:25:51 +0200 mailman (2.0.4-2) unstable; urgency=low * Byte-compile paths.py as well as the other files. * Fix up some potential bugs in the postinst * Fix up a small documentation error in README.EXIM. (closes: #96067) * The cgi-bin symlink wasn't properly created. Fixed now. (closes: #95986) -- Tollef Fog Heen Wed, 2 May 2001 09:16:02 +0200 mailman (2.0.4-1) unstable; urgency=low * New upstream release * comment out line 281 in Mailman/htmlformat.py, this should fix the broken HTML code people are seeing (closes: #94191) * Remove duplicate images, they are now only in /usr/share/doc/mailman/images (closes: #93344). Note that mm_cfg.py is a conffile, so if it has been modified, it's images might be in the wrong place. * remove dh_testversion * update the lintian overrides a bit * moved the cgi scripts to /usr/lib/cgi-bin since apache doesn't support symlinks by default any more. * fix up README.Debian, among other things spell my name correctly :) -- Tollef Fog Heen Tue, 17 Apr 2001 01:07:56 +0200 mailman (2.0.3-7) unstable; urgency=low * Make /usr/lib/mailman/cgi-bin symlink to /usr/lib/cgi-bin/mailman instead of the other way around, per user request, as this is the supported apache configuration. * add lintian overrides (closes: #39047) -- Tollef Fog Heen Tue, 3 Apr 2001 23:47:31 +0200 mailman (2.0.3-6) unstable; urgency=low * fix up digest_arch, so that it won't bomb on years > 100, really a Y2K problem which was tried to be fixed. It shouldn't matter with newer lists and MUAs, as we really don't use digest_arch any more. (closes: #59359, #75613) * close out more old bugs, from version 1.1 and before (closes: #59669, #59867) * close bugs which have been fixed upstream (closes: #70803, #72815, #75761) * fixed a few typos in the copyright file. * added support for per-user monthly notifications (see README.Debian), forwarded upstream. (closes: #76042, #54027) -- Tollef Fog Heen Sat, 24 Mar 2001 02:04:07 +0100 mailman (2.0.3-5) unstable; urgency=low * python is needed as well, in order to build (closes: #90527). -- Tollef Fog Heen Thu, 22 Mar 2001 22:45:21 +0100 mailman (2.0.3-4) unstable; urgency=low * Fix up build-depends (closes: #90109) -- Tollef Fog Heen Sun, 18 Mar 2001 15:41:40 +0100 mailman (2.0.3-3) unstable; urgency=low * Added autoconf invokation before running configure, this should fix the configure stuff, where it looks at /var/lib/mailman (closes: #89850) * Close bugs which were closed by the last upload (closes: #89726), but which I forgot to close. * Mailman has supported having nobody as the CGI user for some time (closes: #36010) -- Tollef Fog Heen Fri, 16 Mar 2001 11:06:44 +0100 mailman (2.0.3-2) unstable; urgency=low * Applied some old patches which had got lost, including allowing the calling of the wrapper scripts if GID == nobody or < 100. (Closes: #36010, #89564, #89848, 89818) * fixed up some of the permissions -- Tollef Fog Heen Wed, 14 Mar 2001 13:40:16 +0100 mailman (2.0.3-1) unstable; urgency=low * New upstream release (closes: #89459) * Fixed a small bug where mailman-owner@host was hard coded in newlist, it now gets it from the configuration (closes: #50583). -- Tollef Fog Heen Tue, 13 Mar 2001 17:03:40 +0100 mailman (2.0.2-1) unstable; urgency=low * New upstream release * New maintainer * Updated standards-version * Updated to debhelper v2 * Closed old, non-responsive, non-reproducible bugs (closes: #72714, #49176, #33804) * Converted to use dpkg-statoverride (closes: #87199) * the doublequote bug is fixed upstream (closes: #75724) * mailing list url bug has been fixed upstream (closes: #80988) * subscribe.py should return a HeadlessDocument, not a Document, else one gets really non-valid HTML. (closes: #78941) * Added man pages (closes: #57231) -- Tollef Fog Heen Sat, 10 Mar 2001 18:31:24 +0100 mailman (2.0final-1) unstable; urgency=low * New upstream version (Closes: #75640, #65955) * Fix default private archive url (Closes: #74766, #74112, #76114, #77448) * Add / to the default url (Closes: #68619, #69167, #71006, #71208, #71464, #71475) -- Gergely Madarasz Sun, 26 Nov 2000 18:37:05 +0100 mailman (2.0beta5-1) unstable; urgency=low * New upstream version (Closes: #68376) * Fix postinst (Closes: #67177) -- Gergely Madarasz Thu, 3 Aug 2000 13:13:23 +0200 mailman (2.0beta4-1) unstable; urgency=low * New upstream version * Update logrotate config file -- Gergely Madarasz Fri, 7 Jul 2000 12:05:03 +0200 mailman (2.0beta3-1) unstable; urgency=low * Update cron.d file (add qrunner, remove run_queue) * New upstream version -- Gergely Madarasz Thu, 29 Jun 2000 13:29:46 +0200 mailman (2.0beta2-1) unstable; urgency=low * New upstream version * Update the conffiles list * Update the default mm_cfg.py -- Gergely Madarasz Mon, 29 May 2000 16:06:45 +0200 mailman (1.1-9) stable; urgency=medium * Cross site scripting (CSS) fixes, backported from Mailman 2.0.8. * Support list names with spaces in them. -- Tollef Fog Heen Fri, 7 Dec 2001 13:53:11 +0100 mailman (1.1-8) stable; urgency=medium * Fix maintainer field * Completely fix previous security flaw * Fix dedent in Mailman/SecurityManager.py (closes: #107768) -- Tollef Fog Heen Mon, 6 Aug 2001 16:27:32 +0200 mailman (1.1-7) stable; urgency=medium * Fix possible (but rare) security problem if site password was blank -- Tollef Fog Heen Fri, 3 Aug 2001 21:51:32 +0200 mailman (1.1-6) frozen unstable; urgency=high * Fix archiver security problem (Closes: #64841) * Fix upgrade message (Closes: #63427) * Fix email address in README.Debian -- Gergely Madarasz Mon, 29 May 2000 15:15:15 +0200 mailman (1.1-5) frozen unstable; urgency=medium * Small fix for subjectless messages (Closes: #61695) -- Gergely Madarasz Sun, 16 Apr 2000 03:19:21 +0200 mailman (1.1-4) frozen unstable; urgency=medium * Now really fix news gatewaying (Closes: #57223, #57596) * Bug already fixed previously... Closes: #55579 -- Gergely Madarasz Tue, 22 Feb 2000 23:02:03 +0100 mailman (1.1-3) frozen unstable; urgency=medium * Fix news gatewaying (Closes: #57223, #57596) * Bug already fixed previously... Closes: #55579 -- Gergely Madarasz Tue, 22 Feb 2000 19:38:55 +0100 mailman (1.1-2) unstable; urgency=low * Fix mailman image link in the default config (Closes: #50578, #53673) * Remove pegasus mail's x-pmrqc header (Closes: #51090) * Now depends on logrotate (Closes: #54810) -- Gergely Madarasz Thu, 13 Jan 2000 14:50:52 +0100 mailman (1.1-1) unstable; urgency=low * New upstream version -- Gergely Madarasz Sat, 6 Nov 1999 14:20:30 +0100 mailman (1.0rel-5) unstable; urgency=low * Adduser fixes again (Closes: #48922) -- Gergely Madarasz Mon, 1 Nov 1999 20:06:18 +0100 mailman (1.0rel-4) unstable; urgency=low * Remove unnecessary interaction (Closes: #44651, #44919) * Fix adduser call in preinst (Closes: #45063) * Add logrotate config file, recommend logrotate -- Gergely Madarasz Mon, 1 Nov 1999 16:43:14 +0100 mailman (1.0rel-3) unstable; urgency=low * Really change maintainer address -- Gergely Madarasz Tue, 7 Sep 1999 21:02:25 +0200 mailman (1.0rel-2) unstable; urgency=low * FHS compliant * Standards: 3.0.1 * rename arch to mmarch (Closes: #43185) * Change maintainer address -- Gergely Madarasz Tue, 7 Sep 1999 17:18:02 +0200 mailman (1.0rel-1) unstable; urgency=low * New upstream version * Change the default URL to .../cgi-bin/mailman in mm_cfg.py so the cookie authentication code works with the default cgi-bin symlink * Some notes about exim and the default url in README.Debian -- Gergely Madarasz Mon, 2 Aug 1999 17:32:07 +0200 mailman (1.0rc3-2) unstable; urgency=low * Fix python dependencies (Closes: #41335) -- Gergely Madarasz Thu, 15 Jul 1999 12:39:20 +0200 mailman (1.0rc3-1) unstable; urgency=low * New upstream version * Add check_perms to the binaries list * Fix some permissions which might have been broken by earlier installs * Move /var/lib/mailman/logs to /var/lib/mailman/logs.old, put new logs to /var/log/mailman -- Gergely Madarasz Wed, 14 Jul 1999 19:12:11 +0200 mailman (1.0rc2-6) unstable; urgency=low * Fix cron.d entry (#38492) * Fix postint (#40281) -- Gergely Madarasz Sat, 3 Jul 1999 16:14:21 +0200 mailman (1.0rc2-5) stable unstable; urgency=low * Fix an incompatibility with the older slink version -- Gergely Madarasz Tue, 22 Jun 1999 17:16:56 +0200 mailman (1.0rc2-4) stable unstable; urgency=high * Another small, but very annoying bug fixed in subject prefixing -- Gergely Madarasz Tue, 15 Jun 1999 14:27:00 +0200 mailman (1.0rc2-3) stable unstable; urgency=high * Upload for stable & unstable, the .orig.tar.gz files would make a mess... -- Gergely Madarasz Tue, 15 Jun 1999 13:36:20 +0200 mailman (1.0rc2-0.slink1) stable; urgency=high * Security upload for stable -- Gergely Madarasz Tue, 15 Jun 1999 11:08:50 +0200 mailman (1.0rc2-1) unstable; urgency=high * New upstream version * Fixes cookie security problem * Actually there is a need for the list user for cronjobs, add it in preinst if it does not exist -- Gergely Madarasz Tue, 15 Jun 1999 10:05:54 +0200 mailman (1.0rc1-1) unstable; urgency=low * New upstream version * The version dependency on python is not needed anymore * Move the options.html upgrade warning from the update script to postinst (version checking) * Argh, bad permissions in the previous release -- Gergely Madarasz Tue, 18 May 1999 18:13:03 +0200 mailman (1.0b11-2) unstable; urgency=low * Fix problem with python and exim, depend on python (>= 1.5.2) * No need for list user, but check for existence of the list group and create if not found. Change su to sg in the postinst accordingly (addresses #33701 and #36015) * Loosen up the cgi-s gid check (#36010) * Fix some lintian errors and warnings, not cleaned up completely yet -- Gergely Madarasz Fri, 30 Apr 1999 17:47:32 +0200 mailman (1.0b11-1) unstable; urgency=low * New upstream version -- Gergely Madarasz Sat, 3 Apr 1999 18:53:41 +0200 mailman (1.0b10-1) unstable; urgency=low * Ugh, didn't have dependency on httpd... fixed * New upstream version -- Gergely Madarasz Fri, 26 Mar 1999 18:31:49 +0100 mailman (1.0b9-1) unstable; urgency=low * New upstream version -- Gergely Madarasz Mon, 1 Mar 1999 20:23:01 +0100 mailman (1.0b8-3) frozen unstable; urgency=low * Upload orig.tar.gz for slink -- Gergely Madarasz Fri, 5 Feb 1999 23:15:16 +0100 mailman (1.0b8-2) frozen unstable; urgency=low * Upload for slink (1.0b4 is very buggy) * Ugh, fix the maintainer entry in the control file :) * Fix the binaries list which link to /usr/sbin * Remove dependency on perl (how did it ever happen?!) * Remove the recommendation of lists-archives * Write a short README.Debian about the debian-specific configuration of mailman * Remove old directories (created by 1.0b4) in /etc/mailman/ -- Gergely Madarasz Wed, 3 Feb 1999 12:43:03 +0100 mailman (1.0b8-1) unstable; urgency=low * New upstream version -- Gergely Madarasz Fri, 15 Jan 1999 16:06:36 +0100 mailman (1.0b7-3) unstable; urgency=low * Files in /etc/mailman are conffiles now (#23662) * Symlink /usr/lib/cgi-bin/mailman to /usr/lib/mailman/cgi-bin so there's no need for webserver reconfiguration (#26607) -- Gergely Madarasz Thu, 14 Jan 1999 23:53:07 +0100 mailman (1.0b7-2) unstable; urgency=low * Modify the binaries list * Don't compileall, it will be done when installed -- Gergely Madarasz Fri, 8 Jan 1999 03:56:14 +0100 mailman (1.0b7-1) unstable; urgency=low * Don't check caller gid in mail-wrapper * New maintainer * New upstream version -- Gergely Madarasz Fri, 8 Jan 1999 02:24:00 +0100 mailman (1.0b4-2) unstable; urgency=low * Tweaked mm_archive.py so links to Lists-Archives are not broken. * Added recommendation for lists-archives. -- Johnie Ingram Thu, 18 Jun 1998 01:26:05 -0400 mailman (1.0b4-1) unstable; urgency=low * Initial Release. -- Johnie Ingram Tue, 16 Jun 1998 22:33:38 -0400