[Bug 1859104] [NEW] It is possible to mailbomb a third party by repeatedly posting the subscribe form.
Public bug reported: This can be prevented by refusing to pend a subscription when one is already pending, but that means if a subscriber loses or doesn't receive the confirmation request email, she has to wait PENDING_REQUEST_LIFE (default 3 days) before she can request another. It can also be avoided by setting the list's subscribe_policy to Moderate, but that may not be desirable in many cases. Because of these considerations, I will implement the refusal to pend a subscription when one is already pending, but make that depend on a new REFUSE_SECOND_PENDING mm_cfg.py setting. ** Affects: mailman Importance: Medium Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1859104 Title: It is possible to mailbomb a third party by repeatedly posting the subscribe form. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1859104/+subscriptions
** Branch linked: lp:mailman/2.1 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1859104 Title: It is possible to mailbomb a third party by repeatedly posting the subscribe form. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1859104/+subscriptions
** Changed in: mailman Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1859104 Title: It is possible to mailbomb a third party by repeatedly posting the subscribe form. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1859104/+subscriptions
** Changed in: mailman Status: Fix Committed => Fix Released ** Changed in: mailman Assignee: (unassigned) => Mark Sapiro (msapiro) -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1859104 Title: It is possible to mailbomb a third party by repeatedly posting the subscribe form. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1859104/+subscriptions
participants (2)
-
Launchpad Bug Tracker
-
Mark Sapiro