[Mailman-Users] security heads up - path traversal with 2.1.5

Ron Brogden rb at islandnet.com
Wed Feb 9 21:08:38 CET 2005

On February 9, 2005 11:52, Brad Knowles wrote:
>  Generally speaking, notices of security issues should be dealt 
> with according to the instructions at 
> <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp>.

Hello Brad.  I was under the impression that the Mailman team already knew 
about this issue which is why I didn't go through the above procedure.   

From the post to the full-disclosure list: 

"Expect vendor advisories nearer the end of the week, for now here is a 
suggested fix from Barry Warsaw".  

I definitely apologize if that is not the case and I meant no disrespect.

The reason I posted is that this issue now out in the wild so there is little 
point being quiet about it.  Giving users a heads up allows them to protect 
themselves while they wait for an official patch and announcement.

IMHO of course.


More information about the Mailman-Users mailing list