*** This bug is a security vulnerability ***
Private security bug reported:
This is similar to but different from #1968443. The issue is on a list
with private rosters an attempt to log in to the options page with an
email address which is not a list member just returns the options login
page with no error, but attempt to login with an email address which is
a list member returns the page with a 401 status and an `Authentication
failed.` error message.
This could be used to fish for membership on a list with private
rosters.
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/2015416
Title:
Membership information leak through options page.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/2015416/+subscriptions
Public bug reported:
Mailman often do not send emails to all addressees.
Usually a single recipient is lost, but sometimes 2 or 3.
there is a fragment from mailmans smtp log file, recipient count randomly changed from 28 to 27.
Mar 15 08:57:31 2018 (60449) <20180315065723.E829F124FB4(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.395 seconds
Mar 15 08:58:17 2018 (60449) <20180315065811.D36F512506A(a)naf.iem.gov.lv> smtp to dml-patch for 27 recips, completed in 0.167 seconds
Mar 15 09:09:04 2018 (60449) <20180315070859.42309125071(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.148 seconds
Mar 15 09:13:47 2018 (60449) <20180315071331.34C3B12506A(a)naf.iem.gov.lv> smtp to dml-patch for 27 recips, completed in 0.151 seconds
Mar 15 09:14:59 2018 (60449) <20180315071453.7FC1412506A(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.082 seconds
Mar 15 09:15:54 2018 (60449) <20180315071548.217D912505D(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.249 seconds
Mar 15 09:16:59 2018 (60449) <20180315071623.0193912506A(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.131 seconds
Mar 15 09:17:05 2018 (60449) <20180315071629.1FD64124FC5(a)naf.iem.gov.lv> smtp to dml-patch for 27 recips, completed in 0.143 seconds
Mar 15 09:17:27 2018 (60449) <20180315071645.194B212505A(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.093 seconds
Mar 15 09:17:56 2018 (60449) <20180315071702.004EA12505A(a)naf.iem.gov.lv> smtp to dml-patch for 27 recips, completed in 0.211 seconds
Mar 15 09:18:11 2018 (60449) <20180315071706.4F5F112505A(a)naf.iem.gov.lv> smtp to dml-patch for 27 recips, completed in 0.089 seconds
Mar 15 09:18:20 2018 (60449) <20180315071711.BDFE412505A(a)naf.iem.gov.lv> smtp to dml-patch for 27 recips, completed in 0.112 seconds
Mar 15 09:23:06 2018 (60449) <20180315072058.5882812506A(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.129 seconds
Mar 15 09:23:34 2018 (60449) <20180315072217.AE70D125068(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.560 seconds
Mar 15 09:23:41 2018 (60449) <20180315072244.39896124733(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.061 seconds
list_members command always shows correct members count 28.
/usr/lib/mailman/bin/list_members dml-patch | wc -l
28
OS CentOS Linux release 7.4.1708
Using Mailman version: 2.1.15 (standart centos package)
The same problem was occur on Red Hat Enterprise Linux Server release 6.9 (Santiago) Mailman version: 2.1.12
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1756009
Title:
emails are not delivered to all recipients
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1756009/+subscriptions
