Subject: Re: Mailman vulnerability
To: None <darcy@NetBSD.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: current-users
Date: 12/10/2005 09:07:09
In message <20051210075250.5e86cec9.darcy@NetBSD.org>, "D'Arcy J.M. Cain" writes:
>I still get this when trying to install mailman:
>
>===> Checking for vulnerabilities in mailman-2.1.6nb1
>*** WARNING - 1542,denial-of-service vulnerability in mailman-2.1.6nb1
>- see http://secunia.com/advisories/17511/ for more information *** or
>define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
>
>However, Manuel Bouyer supposedly fixed this:
>
>revision 1.27
>date: 2005/12/08 21:09:04;  author: bouyer;  state: Exp;  lines: +2 -1
>Apply patch (from debian via Kimmo Suominen) to address
>http://secunia.com/advisories/17511/ (denial of service).
>
>Is there something else that needs to be fixed?
>

I was poking around the Mailman site a few days ago, and did not see 
any official fix for it there.  We'd have to import the Debian fix
mentioned in the advisory.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb