Created attachment 190359 [details] CVE-2018-5950 patch for Mailman 2.1.14+j7 Mailman/Cgi/options.py on Mailman 2.1.14+j7 seems to have the vulnerability same as upstream GNU Mailman before 2.1.26, CVE-2018-5950. This is a patch from https://bugs.launchpad.net/mailman/+bug/1747209 (re-create for 2.1.14+j7, applied diff after that patch)
I also found MASTER_SITES URL has changed. (http://www.python.jp/doc/contrib/mailman/_static -> https://docs.python.jp/doc/contrib/mailman/_static/)
A commit references this bug: Author: tota Date: Sun Feb 25 10:45:00 UTC 2018 New revision: 462947 URL: https://svnweb.freebsd.org/changeset/ports/462947 Log: - Add CVE-2018-5950 patch [1] - Update MASTER_SITES [1] - USES shebangfix - Regenerate patches with makepatch - Fix pkg-plist to make portlint happy PR: 225703 [1] Submitted by: Yasuhito FUTATSUKI MFH: 2018Q1 Security: CVE-2018-5950 Changes: head/japanese/mailman/Makefile head/japanese/mailman/files/patch-CVE-2015-2775 head/japanese/mailman/files/patch-CVE-2018-5950 head/japanese/mailman/files/patch-Mailman-Defaults.py.in head/japanese/mailman/files/patch-Mailman-htmlformat.py head/japanese/mailman/files/patch-configure.in head/japanese/mailman/files/patch-misc-mailman.in head/japanese/mailman/pkg-plist
A commit references this bug: Author: tota Date: Wed Mar 14 07:54:30 UTC 2018 New revision: 464466 URL: https://svnweb.freebsd.org/changeset/ports/464466 Log: MFH: r462947 r463639 - Add CVE-2018-5950 patch [1] - Update MASTER_SITES [1] - USES shebangfix - Regenerate patches with makepatch - Fix pkg-plist to make portlint happy - Remove unnecessary line from files/pkg-deinstall.in [2] - Fix files/pkg-install.in [2] PR: 225703 [1] Submitted by: Yasuhito FUTATSUKI Security: CVE-2018-5950 Pointed out by: riggs@ [2] Approved by: ports-secteam (riggs@) Changes: _U branches/2018Q1/ branches/2018Q1/japanese/mailman/Makefile branches/2018Q1/japanese/mailman/files/patch-CVE-2015-2775 branches/2018Q1/japanese/mailman/files/patch-CVE-2018-5950 branches/2018Q1/japanese/mailman/files/patch-Mailman-Defaults.py.in branches/2018Q1/japanese/mailman/files/patch-Mailman-htmlformat.py branches/2018Q1/japanese/mailman/files/patch-configure.in branches/2018Q1/japanese/mailman/files/patch-misc-mailman.in branches/2018Q1/japanese/mailman/files/pkg-deinstall.in branches/2018Q1/japanese/mailman/files/pkg-install.in branches/2018Q1/japanese/mailman/pkg-plist
Committed. Thanks!