[Mailman-Users] Archives
Mark Sapiro
msapiro at value.net
Wed Dec 21 22:09:20 CET 2005
Raquel Rice wrote:
a 'private' in the src/ directory,
>> how does it compare to 'private.bad'.
>>=20
>> You could just try
>>=20
>> mv private.bad private
>>=20
>> and see what happens.
>>=20
>> --=20
>> Mark Sapiro=20
>
>It seems to me that the problem lies with the
>Debian maintainer of Mailman.
Yes, it seems so. For more insight on why this might be the case, see
the notes about CAN-2005-0202 at <http://www.list.org/security.html>.
>Thank you for helping me to see past the symptoms.
>
>I wonder what would happen if I just renamed "private.bad" to
>"private"?
That's what I was suggesting -
>> You could just try
>>
>> mv private.bad private
>>
>> and see what happens.
I think it will probably work.
You probably should look at the patch at
http://www.list.org/CAN-2005-0202.txt and at your
Mailman/Cgi/private.py file to see if you have this vulnerability in
your Mailman and either patch the file or download the Mailman 2.1.6
version from
<http://cvs.sourceforge.net/viewcvs.py/*checkout*/mailman/mailman/Mailman/Cgi/private.py?rev=2.16.2.3>
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list