[Mailman-Developers] Handling potential security bugs
Florian Weimer
fw at deneb.enyo.de
Wed Dec 22 15:46:45 CET 2004
* Barry Warsaw:
> On Wed, 2004-12-22 at 05:40, Florian Weimer wrote:
>
>> where should I submit security bugs? There are two more in my queue
>> (minor ones, admittedly, as no server-side code execution is
>> involved).
>
> As a general rule, you can post security issues to
> mailman-cabal at python.org, which is a closed distribution list.
Thanks.
> I will try to find some time in the next few days to respond to the
> previous password issue.
As this bug is now publicly documented, I've submitted a patch to the
Debian BTS: <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796>
Unfortunately, this patch is not portable because it relies on the
existence of /dev/urandom.
More information about the Mailman-Developers
mailing list