----- Original Message ----- From: "Martin Marques" <martin@xxxxxxxxxxxxxxx> To: "Discussion of the Fedora Legacy Project" <fedora-legacy-list@xxxxxxxxxx> Sent: Saturday, October 07, 2006 9:51 AM Subject: Re: Mailman vulnerability > On Thu, 5 Oct 2006, Michal Jaegermann wrote: > > > On Thu, Oct 05, 2006 at 09:19:48AM -0300, Martin Marques wrote: > >> I have a FC4 web server installed and got this mailman report: > >> > >> http://www.securityfocus.com/bid/19831/discuss > >> > >> Is it to worry? > > > > Probably. See also http://rhn.redhat.com/errata/RHSA-2006-0600.html > > > > FC4 is using mailman-2.1.5-35 so fixes in sources used by > > Nop. > > # rpm -qa | grep mailman > mailman-2.1.8-0.FC4.1 > > > RHEL4, as specified by RHSA-2006-0600, will likely apply directly > > or after minimal modifications. You can produce your own > > update before something general eventually will show up. > > Add patches, edit specs and rebuild rpm. > Hi Martin! Our emails must have crossed, so mine was at cross-purposes to what you just wrote. :) > I'm getting the source rpm, and I'll try to apply the patch. > > Do I submit the src.rpm afterwards? Yes! If you get the patched mailman-2.1.8-0.FC4.1 to work okay with the patches, please do post the .src.rpm on the web, and let us know you have done so in Bugzilla Bug #209891! We can then test & QA it and work on getting it released to updates. Thanks! --David -- fedora-legacy-list mailing list fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
