./mail/mailman, The GNU Mailing List Manager


Branch: pkgsrc-2021Q3, Version: 2.1.35, Package name: mailman-2.1.35, Maintainer: pkgsrc-users

Mailman is software to help manage electronic mail discussion lists,
much like Majordomo or Smartmail. Mailman gives each mailing list a unique
web page and allows users to subscribe, unsubscribe, and change their
account options over the web. Even the list manager can administer his or
her list entirely via the web. Mailman has most of the features that
people want in a mailing list management system, including built-in
archiving, mail-to-news gateways, spam filters, bounce detection, digest
delivery, and so on. See the features page (http://www.list.org/features.html)
for more detail.


Master sites:

SHA1: 96dc071ecb7cbf5ced15c75681b18d834d6fe62d
RMD160: 0b53cd0b5e907dc1355eb0df0292e61a04d93b57
Filesize: 9285.496 KB

CVS history:


   2021-11-20 22:50:39 by Thomas Merkel | Files touched by this commit (3)
Log message:
Pullup ticket #6534 - requested by bsiegert
mail/mailman: security fix

Revisions pulled up:
- mail/mailman/Makefile                                         1.95
- mail/mailman/PLIST                                            1.31
- mail/mailman/distinfo                                         1.31

---
   Module Name:    pkgsrc
   Committed By:   tm
   Date:           Tue Oct 26 18:42:55 UTC 2021

   Modified Files:
           pkgsrc/mail/mailman: Makefile PLIST distinfo

   Log message:
   mail/mailman: Update to 2.1.35

   2.1.35 (19-Oct-2021)
     Security
       - A potential for a list member to carry out an off-line brute force
         attack to obtain the list admin password has been reported by Andre
         Protas, Richard Cloke and Andy Nuttall of Apple.  This is fixed.
         CVE-2021-42096  (LP:#1947639)
       - A CSRF attack via the user options page could allow takeover of a user's
         account.  This is fixed.  CVE-2021-42097  (LP:#1947640)
     Bug Fixes and other patches
       - Fixed an issue where sometimes the wrapper message for DMARC mitigation
         Wrap Message has no Subject:.  (LP: #1915655)
       - Plain text message bodies with Content-Disposition: and no declared
         charset are no longer scrubbed.  (LP: #1917968)
       - CommandRunner now recodes message bodies in the charset of the user's
         or list's language to avoid a possible UnicodeError when including the
         message body in the reply.  (LP: #1921682)
       - Delivery disabled by bounce notices to admins now have 'disabled'
         properly translated.  (LP: #1922843)
       - DMARC policy discovery ignores domains with multiple DMARC records per
         RFC 7849,  (LP: 1931029)