[Bug 871415] [NEW] "Approved:" password not stripped when list in BCC
Johnathan Ritzi
871415 at bugs.launchpad.net
Sun Oct 9 21:01:07 CEST 2011
*** This bug is a security vulnerability ***
Private security bug reported:
I'm using Mailman 2.1.13 to set up lists where no subscriber can mail
the list without "Approved: <password>" being on the first line. This
works according to Mailman documentation when I send "To:" the list (the
"Approved:" line is stripped out of the email before it is forwarded
along to the list). However, if I leave the "To:" field blank and
instead BCC the list, the email gets forwarded along _without_ the
approval password being stripped (in other words, the password is
broadcast to the entire list).
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/871415
Title:
"Approved:" password not stripped when list in BCC
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/871415/+subscriptions
More information about the Mailman-coders
mailing list