Update Wikimedia's Mailman install
Closed, Resolved, Public

Description

Mailmans changes 2.1.9 -> 2.1.13

We are currently running 2.1.9 and the latest stable is currently 2.1.13 (December '09).

The last few revisions have apparently been "dedicated" to dealing with security issues, from my understanding of reading another mailing list.

Also, since I can never find the change log on their site, I'm attaching a copy from their package (showing 2.1.9 -> 2.1.13 changes).

(Also cc'ing Cary, since he is involved with mailing lists.)


Version: unspecified
Severity: normal

Reference: bz22708

Event Timeline

bzimport raised the priority of this task from to High. (Nov 21 2014, 10:58 PM)
bzimport set Reference to bz22708.
bzimport added a subscriber: Unknown Object (MLST).

mike.lifeguard+bugs wrote:

(In reply to comment #0)

> (Also cc'ing Cary, since he is involved with mailing lists.)

AFAIK, he just handles creating mailing lists. Fred has been doing more in-depth stuff.

bugs wrote:

(In reply to comment #1)

> AFAIK, he just handles creating mailing lists. Fred has been doing more
> in-depth stuff.

He does, but there's nothing wrong with keeping him in the loop, hence the CC. :-)

mike.lifeguard+bugs wrote:

(In reply to comment #2)

> He does, but there's nothing wrong with keeping him in the loop, hence the CC.

It was just an excuse to ping Fred via CC to get attention :D

mike.lifeguard+bugs wrote:

(In reply to comment #3)

> (In reply to comment #2)
> > He does, but there's nothing wrong with keeping him in the loop, hence the CC.
>
> It was just an excuse to ping Fred via CC to get attention :D

Too bad it dun work :(

The current stable GNU Mailman version is 2.1.14, released on 20-Sep-2010.

According to Mark yesterday (February 4, 2011) in #wikimedia-operations: "mailman will be moved to a new box and upgraded in the process soon"

bugs wrote:

(In reply to comment #6)

> According to Mark yesterday (February 4, 2011) in #wikimedia-operations:
> "mailman will be moved to a new box and upgraded in the process soon"

Does anyone know if it was ever moved? Bark?

Removing "shell" keyword for things that aren't directly doable by shell users etc

Removing shell keyword if exists

Mailman 2.1.9 being vulnerable to various XSS attacks has been reported in OTRS ticket 2011082210003661, too. According to http://www.list.org/, the current stable GNU Mailman version is 2.1.14, released on 20-Sep-2010, as also mentioned almost a year ago in comment 5 by Ashar.

(In reply to comment #12)

> Mailman 2.1.9 being vulnerable to various XSS attacks has been reported in OTRS
> ticket 2011082210003661, too. According to http://www.list.org/, the current
> stable GNU Mailman version is 2.1.14, released on 20-Sep-2010, as also
> mentioned almost a year ago in comment 5 by Ashar.

If there are XSS vulnerabilities, that warrants an increased importance rating, in my view. And makes this no longer an enhancement. Not that these drop-downs really mean much, but still...

Mailman has been moved to a new server, and in the process was upgraded to the version in Ubuntu Lucid, 2.1.13.