[Bug 871415] [NEW] "Approved:" password not stripped when list in BCC

Johnathan Ritzi 871415 at bugs.launchpad.net
Sun Oct 9 21:01:07 CEST 2011

*** This bug is a security vulnerability ***

Private security bug reported:

I'm using Mailman 2.1.13 to set up lists where no subscriber can mail
the list without "Approved: <password>" being on the first line. This
works according to Mailman documentation when I send "To:" the list (the
"Approved:" line is stripped out of the email before it is forwarded
along to the list). However, if I leave the "To:" field blank and
instead BCC the list, the email gets forwarded along _without_ the
approval password being stripped (in other words, the password is
broadcast to the entire list).

** Affects: mailman
     Importance: Undecided
         Status: New

You received this bug notification because you are a member of Mailman
Coders, which is subscribed to the bug report.

  "Approved:" password not stripped when list in BCC

To manage notifications about this bug go to:

More information about the Mailman-coders mailing list