Created attachment 195627 [details] patch to fix CVE-2018-13796 for 2.1.14+j7 (This is re-submit from Bug #22935 comment #3 and #4) On Mon, 23 Jul 2018 Mailman 2.1.28 has been released and a vulnerability CVE-2018-13796 has been published. Mailman 2.1.28 release announcement <https://www.mail-archive.com/mailman-users@python.org/msg71066.html> Mailman 2.1.29 releas announcement <https://www.mail-archive.com/mailman-users@python.org/msg71066.html> vulnerability detail (launchpad.net, Bug 178074) https://bugs.launchpad.net/mailman/+bug/1780874 This vulnerability affects mailman 2.1.14+j7. The patch attached in bug report at launchpad.net is one for rev 1768 (between 2.1.26 release and 2.1.27 release) and above, so I've made patch for 2.1.14+j7 (attached patch).
(In reply to Yasuhito FUTATSUKI from comment #0) > (This is re-submit from Bug #22935 comment #3 and #4) above is wrong bug Id... This was a resubmit report of #229351 comment #3 and #4
A commit references this bug: Author: tota Date: Thu Aug 30 06:34:28 UTC 2018 New revision: 478435 URL: https://svnweb.freebsd.org/changeset/ports/478435 Log: - Apply CVE-2018-13796 patch PR: 230183 Submitted by: Yasuhito FUTATSUKI MFH: 2018Q3 Security: CVE-2018-13796 Changes: head/japanese/mailman/Makefile head/japanese/mailman/files/patch-Mailman_Utils.py
A commit references this bug: Author: tota Date: Tue Sep 4 03:01:22 UTC 2018 New revision: 478924 URL: https://svnweb.freebsd.org/changeset/ports/478924 Log: MFH: r478435 - Apply CVE-2018-13796 patch PR: 230183 Submitted by: Yasuhito FUTATSUKI Security: CVE-2018-13796 Approved by: ports-secteam (miwi@) Changes: _U branches/2018Q3/ branches/2018Q3/japanese/mailman/Makefile branches/2018Q3/japanese/mailman/files/patch-Mailman_Utils.py
Committed. Thanks!