Ubuntu
mailman package

CVE-2016-6893 in Mailman

  1. Yakkety (16.10)
  2. Bug #1632244
Bug #1632244 reported by Jan Kellermann
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mailman (Ubuntu)
Fix Released
Medium
Marc Deslauriers
Precise
Fix Released
Medium
Marc Deslauriers
Trusty
Fix Released
Medium
Marc Deslauriers
Xenial
Fix Released
Medium
Marc Deslauriers
Yakkety
Fix Released
Medium
Marc Deslauriers

Bug Description

Hi,

when you plan to solve the CVE-2016-6893 in Mailman in Mailman for Ubuntu?

See
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6893.html

Best regards

CVE References

Steve Beattie (sbeattie)
information type: Private Security → Public Security
Revision history for this message
Joshua Powers (powersj) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

It appears that this CVE was fixed in version 2.1.23-1 in Debian:
http://metadata.ftp-master.debian.org/changelogs//main/m/mailman/mailman_2.1.23-1_changelog

As such, an SRU with a backported fix will be required for the supported releases.

Changed in mailman (Ubuntu):
status: New → Triaged
importance: Undecided → Critical
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

This is a security update, not an SRU.

Untested pre-release packages are available in the security team PPA:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

They will be released as security updates once they've been through QA, possibly next week.

Changed in mailman (Ubuntu Precise):
status: New → Confirmed
importance: Undecided → Medium
status: Confirmed → In Progress
Changed in mailman (Ubuntu Trusty):
status: New → In Progress
importance: Undecided → Medium
Changed in mailman (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → Medium
Changed in mailman (Ubuntu Yakkety):
status: Triaged → In Progress
importance: Critical → Medium
Changed in mailman (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mailman (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mailman (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mailman (Ubuntu Yakkety):
assignee: nobody → Marc Deslauriers (mdeslaur)
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

This was released: https://www.ubuntu.com/usn/usn-3118-1/

Changed in mailman (Ubuntu):
status: In Progress → Fix Released
Changed in mailman (Ubuntu Precise):
status: In Progress → Fix Released
Changed in mailman (Ubuntu Trusty):
status: In Progress → Fix Released
Changed in mailman (Ubuntu Xenial):
status: In Progress → Fix Released
Changed in mailman (Ubuntu Yakkety):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.