lp://qastaging/~james-page/ubuntu/hardy/mailman/fix-659975

Created by James Page and last modified
Get this branch:
bzr branch lp://qastaging/~james-page/ubuntu/hardy/mailman/fix-659975
Only James Page can upload to this branch. If you are James Page please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
James Page
Status:
Development

Recent revisions

17. By James Page

Patched bundled python-2.5.8 email package to correctly parse
email addresses (LP: #659975)

16. By Emanuele Gentili

* debian/control:
 + updated maintainer field
* SECURITY UPDATE:
 + debian/patches/100_CVE-2008-0564.dpatch (LP: #199338)
  - Multiple cross-site scripting (XSS) vulnerabilities in Mailman
    before 2.1.10b1 allow remote attackers to inject arbitrary web
    script or HTML via unspecified vectors related to (1) editing
    templates and (2) the list's "info attribute" in the web
    administrator interface.
* References
 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
 + http://bugs.gentoo.org/show_bug.cgi?id=208710

15. By Thijs Kinkhorst

* Drop suggests for obsolete python-*-codecs and drop versioned
  dependencies for pre-oldstable versions.
* Fix formatting of man pages (Closes: #432848).
* Fix some bashisms in Debian packaging scripts.
* Do not make /var/log/mailman world-readable, because it can contain
  a bit of semi-private information. Thanks Alexander Gerasiov.
  (Closes: #450927)
* After logrotate, call 'mailmanctl reopen' instead of sending SIGHUP
  since that is the supported way of rotating logs (Closes: #424620).
* Fix pidfile location in mailman.init, thanks Peter Rabbitson
  (Closes: #439325).
* Make symlinks to /var/lo{g,ck}/mailman absolute, because the relative
  ones cause trouble on systems where people move these things around
  (Closes: #408855, #413604). Override lintian since this is allowed by
  policy.
* Checked for policy 3.7.3, no changes required. Additional packaging
  cleanups.

14. By Thijs Kinkhorst

[ Thijs Kinkhorst ]
* Added Portuguese debconf translation by Miguel Figueiredo
  (Closes: #414365).
* Make sure Mailman can be properly purged (Closes: #421676).
* Remove obsolete upgrading code.
* Do not break upgrades in case python is temporarily unavailable
  (Closes: #419563).

[ Lionel Elie Mamane ]
* Avoid implicit-sort-on-load of indexes being converted to Unicode
  (hopefully really closes: #412142 now)

13. By Lionel Elie Mamane <email address hidden>

Upgrade subject and author indexes of _all_ archiving volumes to
Unicode strings. (completely closes: #412142)

12. By Martin Pitt

* Merge from debian unstable, remaining changes:
  - debian/control: exim4 -> postfix.

11. By Martin Pitt

* Synchronize to Debian; remaining Ubuntu change:
  - debian/control: exim4 -> postfix.

10. By Martin Pitt

* SECURITY UPDATE: XSS.
* Add debian/patches/security-CVE-2006-3636-XSS.dpatch:
  - Fix various cross-site scripting vulnerabilities.
  - Patch backported from svn head, thanks to Barry Warsaw for preparing it.
  - CVE-2006-3636
* Add debian/patches/security-CVE-2006-2941.dpatch:
  - Scrubber.py: Do not bail out if emails' get_filename() throws a
    ValueError. This has been properly fixed in the next upstream email
    package (in Python core), but the fix is very intrusive. Thanks to Steve
    Alexander for discovering this and for the proposed patch.
  - CVE-2006-2941
  - Closes: LP#49620
* Add debian/patches/security-error_log.dpatch:
  - Check characters in URL to prevent injecting bogus messages into
    error_log.
  - Patch taken from upstream SVN:
    http://svn.sourceforge.net/viewvc/mailman?view=rev&revision=7918

9. By Martin Pitt

Merge new Debian revision; Debian adopted the init script and apache2
dependency fix, only remaining diff is the exim4->postfix dependency
change.

8. By Martin Pitt

* Merge to Debian; remaining Ubuntu changes:
  - debian/mailman.init: Create /var/{run,lock}/mailman.
  - debian/control: exim4 -> postfix.
* debian/control: Dependency fix: apache -> apache2.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://qastaging/ubuntu/natty/mailman
This branch contains Public information 
Everyone can see this information.

Subscribers