Overview
Request 842285 accepted
- Update to 2.1.34:
- The fix for lp#1859104 can result in ValueError being thrown
on attempts to subscribe to a list. This is fixed and
extended to apply REFUSE_SECOND_PENDING to unsubscription as
well. (lp#1878458)
- DMARC mitigation no longer misses if the domain name returned
by DNS contains upper case. (lp#1881035)
- A new WARN_MEMBER_OF_SUBSCRIBE setting can be set to No to
prevent mailbombing of a member of a list with private
rosters by repeated subscribe attempts. (lp#1883017)
- Very long filenames for scrubbed attachments are now
truncated. (lp#1884456)
- A content injection vulnerability via the private login page
has been fixed. CVE-2020-15011 (lp#1877379, bsc#1173369)
- A content injection vulnerability via the options login page
has been discovered and reported by Vishal Singh.
CVE-2020-12108 (lp#1873722, bsc#1171363)
- Bounce recognition for a non-compliant Yahoo format is added.
- Archiving workaround for non-ascii in string.lowercase in
some Python packages is added.
- Thanks to Jim Popovitch, there is now
a dmarc_moderation_addresses list setting that can be used to
apply dmarc_moderation_action to mail From: addresses listed
or matching listed regexps. This can be used to modify mail
to addresses that don't accept external mail From:
themselves.
- There is a new MAX_LISTNAME_LENGTH setting. The fix for
lp#1780874 obtains a list of the names of all the all the
lists in the installation in order to determine the maximum
length of a legitimate list name. It does this on every web
- Created by mcepl
- In state accepted
- Supersedes 842196
- Open review for openSUSE:Backports:SLE-15-SP2
home:mcepl:branches:OBS_Maintained:mailman/mailman.openSUSE_Leap_15.2_Update@2ee1ddef314158036a337a15b69bdba3 -> openSUSE:Leap:15.2:Update/mailman
expected origin is 'None' (unchanged)
Request History
mcepl created request
- Update to 2.1.34:
- The fix for lp#1859104 can result in ValueError being thrown
on attempts to subscribe to a list. This is fixed and
extended to apply REFUSE_SECOND_PENDING to unsubscription as
well. (lp#1878458)
- DMARC mitigation no longer misses if the domain name returned
by DNS contains upper case. (lp#1881035)
- A new WARN_MEMBER_OF_SUBSCRIBE setting can be set to No to
prevent mailbombing of a member of a list with private
rosters by repeated subscribe attempts. (lp#1883017)
- Very long filenames for scrubbed attachments are now
truncated. (lp#1884456)
- A content injection vulnerability via the private login page
has been fixed. CVE-2020-15011 (lp#1877379, bsc#1173369)
- A content injection vulnerability via the options login page
has been discovered and reported by Vishal Singh.
CVE-2020-12108 (lp#1873722, bsc#1171363)
- Bounce recognition for a non-compliant Yahoo format is added.
- Archiving workaround for non-ascii in string.lowercase in
some Python packages is added.
- Thanks to Jim Popovitch, there is now
a dmarc_moderation_addresses list setting that can be used to
apply dmarc_moderation_action to mail From: addresses listed
or matching listed regexps. This can be used to modify mail
to addresses that don't accept external mail From:
themselves.
- There is a new MAX_LISTNAME_LENGTH setting. The fix for
lp#1780874 obtains a list of the names of all the all the
lists in the installation in order to determine the maximum
length of a legitimate list name. It does this on every web
licensedigger accepted review
ok
factory-auto accepted review
Check script succeeded
maintbot added openSUSE:Backports:SLE-15-SP2 as a reviewer
Submission for None by someone who is not maintainer in the devel project (openSUSE:Backports:SLE-15-SP2). Please review
maintbot accepted review
ok
msmeissn accepted request
ok
home:mcepl:branches:OBS_Maintained:mailman/mailman.openSUSE_Leap_15.2_Update@2ee1ddef314158036a337a15b69bdba3 -> openSUSE:Leap:15.2:Update/mailman
expected origin is 'None' (unchanged)