Hello, we're currently tracking two CVEs in mailman:
https://people.canonical.com/~ubuntu-security/cve/pkg/mailman.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-0618
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-13796
We've prioritized both these issues as 'low',
Great Paride, thanks. Let's see how it evolves and hopefully it gets an
upgrade knowing the existing security issues to be applied and taking in
consideration the LTS status of 16.04
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I reverted the bug status to what is was until 2019-05-17, I think the
changes were not wanted. Please note that the bug was not assigned to
anybody even before. The latest valid update to this bug is message #8
from Robie Basak.
--
You received this bug notification because you are a member of
** Changed in: mailman (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1803838
Title:
Mailman Upgrade to 2.1.29 - Ubuntu 16.04
To manage notifications about
May I know why this was moved to Status incomplete e assigned to nobody
?
The issue reported continues, so the bug fixes between 2.1.20 and 2.1.29
still exists and the rationale is to keep them there until someone can
report that have been victim of an exploit ?
What is the sense of doing that
** Changed in: mailman (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1803838
Title:
Mailman Upgrade to 2.1.29 - Ubuntu 16.04
To manage notifications about
> given that the most appropriate is a version upgrade
Not necessarily. The most appropriate approach to take will be decided
between Ubuntu developers, the security team, the stable release updates
team and anyone else actually doing the work.
> as there are known pending security fixes
Yeah, given that the most appropriate is a version upgrade, but I find a
bit strange have to report a individual issue in order for that to
happen as there are known pending security fixes. Perhaps it just speeds
up things if I understand correctly.
--
You received this bug notification because
Current state of mailman in the Security Team's CVE tracker:
http://people.canonical.com/~ubuntu-security/cve/pkg/mailman.html
At the moment, these are in a needs-triage state: CVE-2018-0618 and
CVE-2018-13796
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-0618
** CVE added:
A "blanket" bug like this, requesting a big upgrade, is unlikely to be
resolved. I think it's best to highlight a specific issue in a specific
bug report, even if you end up with multiple reports. Then someone
working on it can decide whether it's best to backport a fix, or upgrade
the version.
Current state of mailman in the Security Team's CVE tracker:
http://people.canonical.com/~ubuntu-security/cve/pkg/mailman.html
At the moment, these are in a needs-triage state: CVE-2018-0618 and
CVE-2018-13796
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-0618
** CVE added:
A "blanket" bug like this, requesting a big upgrade, is unlikely to be
resolved. I think it's best to highlight a specific issue in a specific
bug report, even if you end up with multiple reports. Then someone
working on it can decide whether it's best to backport a fix, or upgrade
the version.
Hello Hans.
Thanks for the update.
I guess that would be the case maybe for Mailman 3.0 for example but in the
case we are talking about there are several security fixes that are related on
the changelog from version 2.1.20 to 2.1.29.
I believe the security issues that have been fixed on
Thanks for reporting.
Ubuntu is not a rolling release, so package versions are usually not
updated from the one initially provided in a certain Ubuntu release.
Newer versions of packages are added to newer Ubuntu releases.
There are a couple of exceptions. The first one is major bugs or
security
** Package changed: ubuntu => mailman (Ubuntu)
** Tags added: xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1803838
Title:
Mailman Upgrade to 2.1.29 - Ubuntu 16.04
To manage notifications
There's also the new Mailman PPA:
https://launchpad.net/~mailman-administrivia/+archive/ubuntu/ppa
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1803838
Title:
Mailman Upgrade to 2.1.29 - Ubuntu
If you want to upgrade the Ubuntu 16.04 package from source, see
https://wiki.list.org/x/17891606.
** Also affects: ubuntu
Importance: Undecided
Status: New
** No longer affects: mailman
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
17 matches
Mail list logo
