Bug 152895 - CAN-2005-0202 Mailman directory traversal
Summary: CAN-2005-0202 Mailman directory traversal
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: mailman
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
Whiteboard: 1, LEGACY, QA, rh73, rh90
Duplicates: 152667 152735
Depends On:
Reported: 2005-02-10 12:15 UTC by Jeff Sheltren
Modified: 2007-03-27 04:29 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-07-10 21:29:05 UTC

Description David Lawrence 2005-03-30 23:31:17 UTC
Created an SRPM using patch from RHEL3 and SRPM from FC1.

Feel free to use/rebuild as necessary.

------- Additional Comments From 2005-02-10 09:27:32 ----

QA for RPM in comment 1:

6e4d02c20ca4f3093a4b1ba6b82f3b1533ccfeab  mailman-2.1.5-7.legacy.src.rpm

- spec change good
- patch good
- sources good
- no other changes


------- Additional Comments From 2005-02-10 11:50:05 ----

Whoops, guess I should have gpg signed my first message
and added the shasum... well, I'll get used to this eventually :)

I've also taken the most recent legacy mailman release for RH9 and rebuilt
it with the same patch as used in the RHEL update.

It can be found here:

sha1sums for both packages:
2c129fa1352fdd3600b0230a94aab743f3c15bac  mailman-2.1.1-8.legacy.src.rpm
6e4d02c20ca4f3093a4b1ba6b82f3b1533ccfeab  mailman-2.1.5-7.legacy.src.rpm


------- Additional Comments From 2005-02-10 15:20:19 ----

Packages released to updates-testing.

(Jeff: thanks for the rh9 packages; I'd already rolled them by the time you
posted that :)

------- Additional Comments From 2005-02-10 16:22:40 ----

No problem.  Thanks for catching the extra buildreqs for the FC1 package!

* Thu Feb 10 2005 Dominic Hargreaves <> - 3:2.1.5-8.legacy

- Added python, autoconf and automake build prerequisites

------- Additional Comments From 2005-02-10 19:06:16 ----

*** Bug 2425 has been marked as a duplicate of this bug. ***

------- Additional Comments From 2005-02-10 19:15:32 ----

We seem to be missing rh73 packages here...

------- Additional Comments From 2005-02-10 21:55:12 ----

Package mailman-2.1.1-8.legacy.i386.rpm installs OK on RH9.  Web interface
good: list browsing, list admin, setting moderation bit, moderation (ie,
mail is held pending moderator approval), are all fine.  Sending mail to a
list is also fine.



------- Additional Comments From 2005-02-11 05:11:51 ----

Created an attachment (id=993)
Proposed RH 7.3 patch

Makes a similar change as made in the RH9/FC1 patch.  I don't have a 7.3 box to
test it on.

------- Additional Comments From 2005-02-11 05:17:04 ----

Updated 7.3 packages have been built and are waiting to be transferred to the
download server.

------- Additional Comments From 2005-02-11 07:53:41 ----

updates-testing RPMS for rh7.3 now available for verification at:

Note: I'm not signing this message as I don't have access to my GPG key here,
but the packages are gpg-signed with the FL key. Please check the signature.

------- Additional Comments From 2005-03-01 23:13:21 ----

are the following fixed in the rh73 package?

------- Additional Comments From 2005-03-04 07:25:26 ----

Re comment 11, can't remember offhand, all the packages currently in
updates-testing are rebuilds of RHEL updates. ISTR that some of those CANs are
quite minor in impact and so people haven't bothered to fix them.

------- Additional Comments From 2005-03-06 03:56:34 ----

I'm using this in production on a FC1 box.  Everything seems to work so far.


------- Bug moved to this database by 2005-03-30 18:31 -------

This bug previously known as bug 2419 at
Originally filed under the Fedora Legacy product and Package request component.

Proposed RH 7.3 patch

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Marc Deslauriers 2005-04-05 22:47:27 UTC
*** Bug 152735 has been marked as a duplicate of this bug. ***

Comment 2 Marc Deslauriers 2005-04-05 22:48:26 UTC
*** Bug 152667 has been marked as a duplicate of this bug. ***

Comment 3 Pekka Savola 2005-06-16 12:39:12 UTC
2 VERIFY votes, timeouts in 2 weeks.

Comment 4 Pekka Savola 2005-07-01 18:37:47 UTC
Timeout over, to be released.

Comment 5 Marc Deslauriers 2005-07-10 21:29:05 UTC
Packages were officially released.
