Subj : [$] The mystery of the Mailman 2 CVEs
To : All
From : LWN.net
Date : Thu May 01 2025 19:11:08

Many eyebrows were raised recently when three vulnerabilities were announced that allegedly impact GNU Mailman 2.1, since many folks assumed that it was no longer being supported. That's not quite the case. Even though version 3 of the GNU Mailman mailing-list manager has been available since 2015, and version 2 was declared (mostly) end of life (EOL) in 2020, there are plenty of users and projects still using version 2.1.x. There is, as it turns out, a big difference between mostly EOL and actually EOL. For example, WebPros, the company behind the cPanel server and web-site-management platform, still maintains a port of Mailman 2.1.x to Python 3 for its customers and was quick to respond to reports of vulnerabilities. However, the company and the upstream Mailman project dispute that the CVEs are valid.

https://lwn.net/Articles/1019149/

--- SBBSecho 3.24-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (86:200/23)