[Bug 266220] Re: Approved: only removed from text/plain part

Johnathan Ritzi 266220 at bugs.launchpad.net
Tue Oct 11 20:52:24 CEST 2011


I believe all I did in that case was to copy and paste the "Approved"
line from a previous email I sent, and it somehow got mutilated with
HTML...

I think rejection if you find the password in the stripped-out HTML part
is a great idea. The dangerous part of this bug is that a failure in
parsing can lead to an admin password being broadcast over email to
hundreds of people. It seems like Mailman should either require the
header or plain-text email and not even allow HTML emails, or ensure
(via some liberal matching) that the password isn't going to get sent
out if parsing fails.

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/266220

Title:
  Approved: only removed from text/plain part

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/266220/+subscriptions


More information about the Mailman-coders mailing list