On Tue Feb 26, 2002 at 06:58:03PM -0800, David Guntner wrote: > Does anyone (civilme, maybe? :) know if there's an address to report > package bugfixes and so on to? Specifically, Mandrake has supplied Mailman > 2.0.6 in a .rpm file. According to the Mailman download page on > Sourceforge, version 2.0.7 is out, and is a bugfix release that takes care > of a known security issue which could lead to a DOS attack on a host > running Mailman, up to and including version 2.0.6. It would probably be a > good idea for Mandrake to release a new .rpm file to update this > package.... But I know know of an address for reporting such things. So > like it says at the beginning of this message, does anyone know of an > address to pass the information along to Mandrake?
mailman is in contribs and we don't usually put out fixes for older versions of contribs. This is due to a few factors: a) contribs doesn't get tested as extensively as main does, so if we started doing updates for contribs, we would likely end up doing a lot of bugfix updates for a number of packages that aren't used very often; b) it doubles the supported packages we deal with and makes the job that much harder. If you look at contribs right now, mailman 2.0.7 is there. You should be able to just download and upgrade, but I would probably do something like "rpm --rebuild mailman-2.0.7-1mdk.src.rpm" (ie. download the srpm and rebuild it yourself so you know it will work). -- MandrakeSoft Security; http://www.mandrakesecure.net/ "lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import" 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD Current Linux kernel 2.4.8-34.1mdk uptime: 38 days 14 hours 12 minutes.
msg50462/pgp00000.pgp
Description: PGP signature
