[$] The mystery of the Mailman 2 CVEs
Date:
Wed, 30 Apr 2025 17:06:06 +0000
Description:
Many eyebrows were raised recently when three vulnerabilities were announced that allegedly impact GNU Mailman 2.1,
since many folks assumed that it was no longer being supported. That's
not quite the case. Even though version 3 of
the GNU Mailman mailing-list manager has been available
since 2015, and version 2 was declared (mostly) end of life
(EOL) in 2020, there are plenty of users and projects still
using version 2.1.x. There is, as it turns out, a big difference between
mostly EOL and actually EOL. For example: WebPros, the company behind the cPanel server and web-site-management
platform, still maintains a port of
Mailman 2.1.x to Python 3 for its customers and was
quick to respond to reports of vulnerabilities. However, the
company and upstream Mailman project dispute that the CVEs are
valid.
======================================================================
Link to news story:
https://lwn.net/Articles/1019149/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)