*** This bug is a security vulnerability ***
Private security bug reported:
Current 2.1 admindb interface have no link (or button) to logout the administrator/moderator. An administrator can logout from mailman from admin interface but a moderator cannot logout without zapping the moderator cookie by browser's function (if it is provided) or terminating the browser. The admindb web page should have a convenient 'logout' link.
Another inconvenience in admin logout funciton is that if the site-wide admin is allowed by mm_cfg.ALLOW_SITE_ADMIN_COOKIES then the administrator cannot logout with visiting the 'Logout' link in the admin page.
These bugs are fixed by lp:~tkikuchi/mailman/logout-enforcement and the branch was requested to merge into 2.1 series.
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is a direct subscriber.
https://bugs.launchpad.net/bugs/769318
Title:
admindb should have 'logout' function
Public bug reported:
If a real name or comment in a From: or other sender header is RFC 2047
encoded and the decoding contains an unquoted comma or other special,
the Message methods get_sender() and get_senders() can return bogus
addresses leading to other issues.
A patch is attached.
** Affects: mailman
Importance: Medium
Assignee: Mark Sapiro (msapiro)
Status: In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/702516
Title:
RFC 2047 encoded From: header is not correctly parsed.
Public bug reported:
A list moderator receives a held message notification and attempts to
approve the message by replying to the third part (second attachment)
and including an Approved: <password> line as the first line of the
reply.
If the moderator's MUA base64 encodes the reply for i18n or other
reasons, the Approved: line is not found and the message is discarded.
** Affects: mailman
Importance: Undecided
Status: New
--
Reply to to part 3 of a held message notification containing a Approved: first body line fails if reply is base64 encoded.
https://bugs.launchpad.net/bugs/677115
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
Public bug reported:
The Spanish (es) translation of the bin/check_perms message "%(path)s
bad group (has: %(groupname)s, expected %(MAILMAN_GROUP)s)" is missing
the 's' in '%(path)s'. This prevents check_perms from reporting/fixing
group errors and any other problems not found before the first group
error.
** Affects: mailman
Importance: Undecided
Status: New
--
Missing format character in Spanish translation
https://bugs.launchpad.net/bugs/670988
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
Public bug reported:
Both the subscribe CGI and the user options CGI allow setting a password
with trailing whitespace, but options login strips the trailing
whitespace before validating. Thus, the user can't log in to the options
page.
** Affects: mailman
Importance: Medium
Assignee: Mark Sapiro (msapiro)
Status: Triaged
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/778088
Title:
User can set a password with trailing whitespace which prevents login.
Public bug reported:
If respond_to_post_requests is Yes the notice to the poster of a held
post is From: the listname-bounces address. It should be from the
listname-owner address.
** Affects: mailman
Importance: Medium
Assignee: Mark Sapiro (msapiro)
Status: Triaged
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/714424
Title:
Held message user notification should be from -owner, not -bounces
Public bug reported:
When attempting to build MM3 from source, the buildout phase of the
bootstrap fails. The code cannot recognize the version number of the MM
source.
This is because the regular expression in setup.py is looking for the
version to be enclosed by ", but the version.py file uses '.
** Affects: mailman
Importance: Undecided
Status: New
** Tags: mm3
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/776122
Title:
Bootstrap phase of setup fails
Public bug reported:
The new mailman logo is very nice and cool. But, the reduced favicon
(mm-icon.png) looks rather shabby because of its limited size and
resolution. I redesigned the favicon by emphasizing the feature of
crescent like lines. I also make it a 'true' windows icon format so you
can put it on your desk top and make a link to your mailman site.
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/782474
Title:
Re-design the mailman favicon
Public bug reported:
For a good, working Mailman 3.0 UI we have to handle the passwords for each user (needed when they subscribe/unsubscribe/want to access their settings page but also for the admins and listowners). Hence, we need to implement the possibility to check for passwords in the rest-client (I believe these are saved in the user table in the core DB) and/or a login function.
We should probably use https for the psw authentication.
** Affects: mailman
Importance: Undecided
Status: New
** Tags: mailman3 rest-api
--
Login function needed in rest-client
https://bugs.launchpad.net/bugs/600780
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
Public bug reported:
The i18n templates for site customization are specified to be in
<template_dir>/site/ etc., a part of the tree, rather than being placed
in <var_dir> (outside the tree)
Solution, move them to <var_dir>/templates/site/
** Affects: mailman
Importance: Undecided
Status: New
** Tags: mailman3
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/788309
Title:
Site configuration customization unnecessarily stored in tree