Package: mailman / 1:2.1.23-1+deb9u5

Metadata

Package Version Patches format
mailman 1:2.1.23-1+deb9u5 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01_defaults.debian.patch | (download)

Mailman/Defaults.py.in | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 set sane defaults in defaults.py.in
10_wrapper_uid.patch | (download)

src/cgi-wrapper.c | 3 2 + 1 - 0 !
src/mail-wrapper.c | 3 2 + 1 - 0 !
2 files changed, 4 insertions(+), 2 deletions(-)

 makes sure we're called with the right uid and gid (closes: #36010, #89564, #89848, 89818)
Bug-Debian: #36010, #89564, #89848, 89818
16_update_debian.patch | (download)

bin/update | 35 2 + 33 - 0 !
1 file changed, 2 insertions(+), 33 deletions(-)

 update is called from the debian maintainer scripts and
 prints non-appropriate output.  Change that.
25_site_logo.patch | (download)

Mailman/Defaults.py.in | 6 6 + 0 - 0 !
Mailman/htmlformat.py | 43 26 + 17 - 0 !
2 files changed, 32 insertions(+), 17 deletions(-)

 allow each mailman site to have a custom text, link and logo. also fix existing logo linkage.
Bug-Debian: https://bugs.debian.org/267243
51_nocompile.pyc.patch | (download)

Makefile.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 don't do the compileall dance.  it'll just waste cpu cycles.
52_check_perms_lstat.patch | (download)

bin/check_perms | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use lstat instead of stat in check_perms
53_disable_addons.patch | (download)

misc/Makefile.in | 5 4 + 1 - 0 !
misc/paths.py.in | 12 9 + 3 - 0 !
2 files changed, 13 insertions(+), 4 deletions(-)

 disable some modules which are pulled in from other debian packages.
63_update_default_server_language.patch | (download)

bin/update | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 get the default language from the config file, and do not use the
 hardcoded English.
66_donot_let_cache_html_pages.patch | (download)

Mailman/htmlformat.py | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 patch to prevent browser from caching pages (closes: #281284)
Bug-Debian: #281284
79_archiver_slash.patch | (download)

Mailman/Archiver/Archiver.py | 2 0 + 2 - 0 !
Mailman/Defaults.py.in | 2 1 + 1 - 0 !
2 files changed, 1 insertion(+), 3 deletions(-)

 some non-pipermail archivers require _no_ final slash (closes: #350388)
Bug-Debian: #350388
90_gettext_errors.patch | (download)

messages/es/LC_MESSAGES/mailman.po | 7 3 + 4 - 0 !
messages/es/LC_MESSAGES/mailman.po.orig | only
messages/hr/LC_MESSAGES/mailman.po | 2 1 + 1 - 0 !
messages/hr/LC_MESSAGES/mailman.po.orig | only
messages/ja/LC_MESSAGES/mailman.po | 8 4 + 4 - 0 !
messages/ja/LC_MESSAGES/mailman.po.orig | only
messages/nl/LC_MESSAGES/mailman.po | 4 3 + 1 - 0 !
7 files changed, 11 insertions(+), 10 deletions(-)

 fix bugs in translation files
91_utf8.patch | (download)

Mailman/Defaults.py.in | 9 6 + 3 - 0 !
Mailman/Logging/Logger.py | 2 1 + 1 - 0 !
messages/Makefile.in | 5 3 + 2 - 0 !
templates/Makefile.in | 51 50 + 1 - 0 !
4 files changed, 60 insertions(+), 7 deletions(-)

 switch mailman to utf-8 (release goal)
Bug-Debian: #398777
92_CVE 2018 5950.patch | (download)

Mailman/Cgi/options.py | 30 16 + 14 - 0 !
1 file changed, 16 insertions(+), 14 deletions(-)

---
93_CVE 2018 0618.patch | (download)

Mailman/Gui/GUIBase.py | 1 1 + 0 - 0 !
Mailman/Gui/General.py | 8 8 + 0 - 0 !
Mailman/Utils.py | 29 26 + 3 - 0 !
3 files changed, 35 insertions(+), 3 deletions(-)

 xss vulnerability (cve-2018-0618)
 XSS vulnerability allows malicious listowners to inject scripts
 into listinfo pages
94_CVE 2018 13796.patch | (download)

Mailman/Utils.py | 21 16 + 5 - 0 !
1 file changed, 16 insertions(+), 5 deletions(-)

 arbitrary text injection vulnerability in mailman cgis
scrubber obj2bin.patch | (download)

Mailman/Handlers/Scrubber.py | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 fix stored xss via browsers that interpret .obj files