oss-sec mailing list archives
Re: 3 new CVE's in old branch of GNU mailman
From: Mats Wichmann <mats () wichmann us>
Date: Mon, 21 Apr 2025 10:53:28 -0600
On 4/21/25 10:08, Alan Coopersmith wrote:
3 new CVE's have been published for GNU Mailman 2.1.39, as bundled with cPanel and WHM, credited to Firudin Davudzada and Musazada Aydan. Note that upstream declared GNU Mailman 2.1 (which requires Python 2), to be end of life back in 2020, and recommends migrations to Mailman 3 (which uses Python 3 instead):
Sadly, a lot of people are stuck with these bundled environments from hosting services where the provider isn't going to provide any kind of upgrade path to Mailman 3. That's neither here nor there as to the vulnerabilities, just an observation (e.g. an open source project I work on gets free mailing list services from Pair Networks, a feature they've deprecated, although they promised at the time not to cut off existing lists. 2.1.39 only...).
