Secure testing team - Oct 2010 - Bug#599833: CVE-2010-3089

Package: mailman
Severity: grave
Tags: security

Hi,
http://security-tracker.debian.org/tracker/CVE-2010-3089 needs to be
fixed for Squeeze.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, ''unstable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages mailman depends on:
ii  adduser                       3.112      add and remove users and groups
pn  apache2 | httpd               <none>     (no description available)
ii  cron                          3.0pl1-114 process scheduling daemon
ii  debconf [debconf-2.0]         1.5.35     Debian configuration management sy
ii  exim4-daemon-light [mail-tran 4.72-1     lightweight Exim MTA (v4) daemon
ii  libc6                         2.11.2-2   Embedded GNU C Library: Shared lib
ii  logrotate                     3.7.8-6    Log rotation utility
ii  lsb-base                      3.2-23.1   Linux Standard Base 3.2 init scrip
pn  pwgen                         <none>     (no description available)
ii  python                        2.6.5-13   interactive high-level object-orie
ii  python-support                1.0.9      automated rebuilding support for P
ii  ucf                           3.0025     Update Configuration File: preserv

mailman recommends no packages.

Versions of packages mailman suggests:
pn  listadmin                     <none>     (no description available)
pn  lynx                          <none>     (no description available)
ii  spamassassin                  3.3.1-1    Perl-based spam filter using text