[Mailman-Developers] Handling potential security bugs

Florian Weimer fw at deneb.enyo.de
Wed Dec 22 15:46:45 CET 2004

* Barry Warsaw:

> On Wed, 2004-12-22 at 05:40, Florian Weimer wrote:
>> where should I submit security bugs?  There are two more in my queue
>> (minor ones, admittedly, as no server-side code execution is
>> involved).
> As a general rule, you can post security issues to
> mailman-cabal at python.org, which is a closed distribution list.


> I will try to find some time in the next few days to respond to the
> previous password issue.

As this bug is now publicly documented, I've submitted a patch to the
Debian BTS: <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796>

Unfortunately, this patch is not portable because it relies on the
existence of /dev/urandom.

More information about the Mailman-Developers mailing list