Mailman is an open source system for managing mailing lists and newsletters. The built-in web interface gives users and administrators quick and easy access. Archiving, automatic bounce processing, content filtering and spam filters are also supported, as are 28 different languages. Mailman is developed largely in the Python programming language, and version 2.1.9 has recently become available. Among other things, the Dutch language version has been revised and several security vulnerabilities have been fixed. The announcement and list of changes are as follows:
This is Mailman 2.1.9 (final). It is a security and bug fix release. All Mailman installations are strongly encouraged to update to this version. This version also includes two new languages: Arabic and Vietnamese.
Security:
- A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery.
- Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
- Several cross-site scripting issues have been fixed. Thanks to Moritz Naumann for their discovery. CVE-2006-3636.
- Fixed an unexploitable format string vulnerability. Discovery and fix by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze. Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
Internationalization:
- New languages: Arabic, Vietnamese.
Bug fixes and other patches:
- Fixed Decorate.py so that characters in message header/footer which are not in the character set of the list's language are ignored rather than causing shunted messages (1507248).
- Switchboard.py - Closed very tiny holes at the upper ends of queue slices that could result in unprocessable queue entries. Improved FIFO processing when two queue entries have the same timestamp.