Subj : [$] The mystery of the Mailman 2 CVEs
To   : All
From : LWN.net
Date : Wed Apr 30 2025 18:15:07

[$] The mystery of the Mailman 2 CVEs

Date:
Wed, 30 Apr 2025 17:06:06 +0000

Description:
Many eyebrows were raised recently when three vulnerabilities were announced
that allegedly impact GNUMailman 2.1,
since many folks assumed that it was no longer being supported. That's
not quite the case. Even though version3 of
the GNU Mailman mailing-list manager has been available
since2015, and version2 was declared (mostly) end of life
(EOL) in2020, there are still plenty of users and projects still
using version2.1.x. There is, as it turns out, a big difference between 
mostly EOL and actually EOL. For example: WebPros , the company behind the 
cPanel server and web-site-management
platform, still maintains a port of
Mailman2.1.x to Python3 for its customers and was
quick to respond to reports of vulnerabilities. However, the
company and upstream Mailman project dispute that the CVEs are
valid.

======================================================================
Link to news story:
https://lwn.net/Articles/1019149/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.