RE: [SECURITY] [DSA 436-1] New mailman packages fix several vulnerabilities
Matt Zimmerman wrote:
> On Sun, Feb 22, 2004 at 03:07:20PM +0100, Julian Mehnle wrote:
> > As far as I can see from the CAN, CAN-2003-0991 had already been
> > fixed in
> > 2.0.14. Is this really an unfixed security vulnerability in the
> > version that is currently in unstable (2.1.4-1)?
> mailman 2.0.14 (2004-02) postdates mailman 2.1.4 (2003-12).
Thanks for the hint. So, CAN-2003-0991 is effectively unfixed in the mailman packages that are currently in unstable (and testing), correct? Are there any plans to fix the vulnerability soon? Tollef?