Many eyebrows were raised recently when three vulnerabilities were announced that allegedly impact GNU Mailman 2.1,
since many folks assumed that it was no longer being supported. That's
not quite the case. Even though version 3 of
the GNU Mailman mailing-list manager has been available
since 2015, and version 2 was declared (mostly) end of life
(EOL) in 2020, there are still plenty of users and projects
using version 2.1.x. There is, as it turns out, a big difference between
mostly EOL and actually EOL. For example, WebPros, the company behind the cPanel server and web-site-management
platform, still maintains a port of
Mailman 2.1.x to Python 3 for its customers and was
quick to respond to reports of vulnerabilities. However, the
company and the upstream Mailman project dispute that the CVEs are
valid.
https://lwn.net/Articles/1019149/
--- SBBSecho 3.24-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (86:200/23)