Navigation
Search
|
[$] The mystery of the Mailman 2 CVEs
Wednesday April 30, 2025. 07:06 PM , from LWN.net
Many eyebrows were raised recently when three vulnerabilities were announced
that allegedly impact GNU Mailman 2.1, since many folks assumed that it was no longer being supported. That's not quite the case. Even though version 3 of the GNU Mailman mailing-list manager has been available since 2015, and version 2 was declared (mostly) end of life (EOL) in 2020, there are still plenty of users and projects still using version 2.1.x. There is, as it turns out, a big difference between mostly EOL and actually EOL. For example: WebPros, the company behind the cPanel server and web-site-management platform, still maintains a port of Mailman 2.1.x to Python 3 for its customers and was quick to respond to reports of vulnerabilities. However, the company and upstream Mailman project dispute that the CVEs are valid.
https://lwn.net/Articles/1019149/
Related News |
25 sources
Current Date
Jun, Sun 1 - 21:23 CEST
|