On Sat, 2004-05-15 at 19:22, Barry Warsaw wrote:

...

This version also contains a fix for an exploit that could allow 3rd parties to retrieve member passwords. It is thus highly recommended that all existing sites upgrade to the latest version.

Could you be more specific about the exploit? Is there a CVE or CAN open against it? I assume given the public announcement this is not an embargoed security exploit, or is it?

Also: what versions of mailman are affected?

A.