Last modified: 2014-11-17 09:21:09 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T24708, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 22708 - Update Wikimedia's Mailman install
Update Wikimedia's Mailman install
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
Mailing lists (Other open bugs)
unspecified
All All
: High normal with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
: ops
Depends on: 29915
Blocks: 25231
  Show dependency treegraph
 
Reported: 2010-03-03 00:35 UTC by p858snake
Modified: 2014-11-17 09:21 UTC (History)
14 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
Mailmans changes 2.1.9 -> 2.1.13 (21.47 KB, text/plain)
2010-03-03 00:35 UTC, p858snake
Details

Description p858snake 2010-03-03 00:35:37 UTC
Created attachment 7176 [details]
Mailmans changes 2.1.9 -> 2.1.13

We are currently running 2.1.9 and the latest stable is currently 2.1.13 (December '09).

The last few revisions have apparently been "dedicated" dealing with security issues from my understanding of reading another mailing list.

Also since I can never find the change log on their site I'm attaching a copy from their package (showing 2.1.9 -> 2.1.13 changes)

(Also cc'ing, Cary since he is involved with mailing lists.)
Comment 1 Mike.lifeguard 2010-04-26 07:18:30 UTC
(In reply to comment #0)
> (Also cc'ing, Cary since he is involved with mailing lists.)

AFAIK, he just handles creating mailing lists. Fred has been doing more in-depth stuff.
Comment 2 Casey Brown 2010-04-26 19:31:11 UTC
(In reply to comment #1)
> AFAIK, he just handles creating mailing lists. Fred has been doing more
> in-depth stuff.

He does, but there's nothing wrong with keeping him in the loop, hence the CC. :-)
Comment 3 Mike.lifeguard 2010-05-02 20:56:01 UTC
(In reply to comment #2)
> He does, but there's nothing wrong with keeping him in the loop, hence the CC.

It was just an excuse to ping Fred via CC to get attention :D
Comment 4 Mike.lifeguard 2010-07-20 02:38:46 UTC
(In reply to comment #3)
> (In reply to comment #2)
> > He does, but there's nothing wrong with keeping him in the loop, hence the CC.
> 
> It was just an excuse to ping Fred via CC to get attention :D

Too bad it dun work :(
Comment 5 Antoine "hashar" Musso (WMF) 2010-10-29 13:20:37 UTC
The current stable GNU Mailman version is 2.1.14, released on 20-Sep-2010.
Comment 6 MZMcBride 2011-02-05 20:46:34 UTC
According to Mark yesterday (February 4, 2011) in #wikimedia-operations: "mailman will be moved to a new box and upgraded in the process soon"
Comment 7 Casey Brown 2011-06-20 02:04:45 UTC
(In reply to comment #6)
> According to Mark yesterday (February 4, 2011) in #wikimedia-operations:
> "mailman will be moved to a new box and upgraded in the process soon"

Does anyone know if it was ever moved?  Bark?
Comment 8 Sam Reed (reedy) 2011-07-06 20:10:30 UTC
Removing "shell" keyword for things that aren't directly doable by shell users etc
Comment 9 Sam Reed (reedy) 2011-07-06 20:31:29 UTC
Adding ops keyword
Comment 10 Sam Reed (reedy) 2011-07-06 20:32:00 UTC
Removing shell keyword if exists
Comment 11 Mark A. Hershberger 2011-07-16 21:05:54 UTC
http://rt.wikimedia.org/Ticket/Display.html?id=1176
Comment 12 Siebrand Mazeland 2011-08-28 22:04:03 UTC
Mailman 2.1.9 being vulnerable to various XSS attacks has been reported in OTRS ticket 2011082210003661, too. According to http://www.list.org/, the current stable GNU Mailman version is 2.1.14, released on 20-Sep-2010, as also mentioned almost a year ago in comment 5 by Ashar.
Comment 13 MZMcBride 2011-08-29 00:48:45 UTC
(In reply to comment #12)
> Mailman 2.1.9 being vulnerable to various XSS attacks has been reported in OTRS
> ticket 2011082210003661, too. According to http://www.list.org/, the current
> stable GNU Mailman version is 2.1.14, released on 20-Sep-2010, as also
> mentioned almost a year ago in comment 5 by Ashar.

If there are XSS vulnerabilities, that warrants an increased importance rating, in my view. And makes this no longer an enhancement. Not that these drop-downs really mean much, but still...
Comment 14 Mark Bergsma 2012-01-19 17:01:08 UTC
Mailman has been moved to a new server, and in the process was upgraded to the version in Ubuntu Lucid, 2.1.13.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links