[Mailman-Developers] Re: Mailman 2.1.31 security release - issues and questions

Tue, 05 May 2020 11:56:47 -0700 

On 5/5/20 11:09 AM, Matthias Andree wrote:
> Greetings,
> 
> I am the packager of Mailman 2.x for FreeBSD and am reporting two issues
> and have two questions:
> 
> I1: It would seem the Spanish translation has regressed with 2.1.31,
> and fails to build on FreeBSD 12.1:
> 
...

>>   File "<string>", line 1
>>     "                 direcci�n de rebote cuando se usa "responder a 
>> todos"), as� que puede ser \n"
>>                                                                  ^
>> SyntaxError: invalid syntax
>> *** Error code 1 (ignored)
> 
> There should be \" around 'responder a todos', not simple ".
> Future releases should test build the translations. (Am doing that in
> FreeBSD.)


Thank you for the report. I actually did compile this message catalog,
but with Mailman's bin/msgfmt.py which didn't catch this error.


> I2: Then, none of the mailman.po files was updated for the security fix,
> and in FreeBSD, I am using sed for a machine edit, where WRKSRC is the
> directory that the code is unpacked into (including the mailman-2.1.*
> prefix/), and sed -E switches to modern regexps:
> 
>> sed -E -e '/Illegal Email Address:/,+1s/ *. %\(safeuser\)s//' \
>>                 ${WRKSRC}/messages/*/LC_MESSAGES/mailman.po


My bad for not updating mailman.pot and making the subsequent changes.

I'm going to fix all the above and release 2.1.32 later today.


> Q1: how about the htdig patches? 1813 does not seem to be on par with
> 2.1.31. I am using the 2.1.30 patches (version 1812) for now.


I'll get to it.


> Q2: Is the CVE from 2018 going to be used for this vuln or will there be
> a new CVE number assigned?


The reporter told me he requested a CVE ID, but hasn't given it to me. I
searched Mitre, but if there is a placeholder ID, I wouldn't find it anyway.


-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
_______________________________________________
Mailman-Developers mailing list -- mailman-developers@python.org
To unsubscribe send an email to mailman-developers-le...@python.org
https://mail.python.org/mailman3/lists/mailman-developers.python.org/
Mailman FAQ: https://wiki.list.org/x/AgA3

Security Policy: https://wiki.list.org/x/QIA9

Reply via email to