Linux Today: Linux News On Internet Time.

More on LinuxToday

Release Digest: GNU: July 13, 2002

Jul 12, 2002, 23:30 (0 Talkback[s])


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

Mailman 2.0.12

I've released version 2.0.12 of Mailman, the GNU Mailing List Manager.
Mailman is released under the GNU General Public License (GPL).
Version 2.0.12 fixes a cross-site scripting vulnerability among other
changes.  I recommend that folks upgrade their 2.0.x systems to this
new version.  See below for a NEWS file excerpt.

GNU Mailman is software to help manage electronic mail discussion
lists.  Mailman gives each mailing list a unique web page and allows
users to subscribe, unsubscribe, and change their account options over
the web.  Even the list manager can administer his or her list
entirely via the web.  Mailman has most of the features that people
want in a mailing list management system, including built-in
archiving, mail-to-news gateways, spam filters, bounce detection,
digest delivery, and so on.

Mailman is compatible with most web servers, web browsers, and mail
servers.  It runs on any Unix-like operating system.  Mailman 2.0.12
requires Python 1.5.2 or newer.  To install Mailman from source, you
will need a C compiler.

For more information on Mailman, including links to file downloads,
please see any of the Mailman mirror web pages:


Patches and source tarballs are available at


There are email lists (managed by Mailman, of course!) for both
Mailman users and developers.  See the web sites above for details.


-------------------- snip snip --------------------
2.0.12 (02-Jul-2002)

    - Implemented a guard against some reply loops and 'bot
      subscription attacks.  Specifically, if a message to -request
      has a Precedence: bulk (or list, or junk) header, the command is
      ignored.  Well-behaved 'bots should always include such a

    - Changes to the configure script so that you can pass in the mail
      host and web host by setting the environment variables MAILHOST
      and WWWHOST respectively.  configure will also exit if it can't
      figure out these values (usually due to broken dns).

    - Closed another minor cross-site scripting vulnerability.