[Mailman-Users] security heads up - path traversal with 2.1.5
Florian Weimer
fw at deneb.enyo.de
Mon Feb 14 14:09:03 CET 2005
* Brad Knowles:
> At 1:24 PM +0100 2005-02-14, Florian Weimer wrote:
>
>> Who has a say in the disclosure of a security bug?
>
> In terms of who can post such things to this list? Well, as one
> of the core developers for Mailman, Chuq is one of the very few
> people who can have an absolute say in that.
The underlying assumption seems to be that Mailman security bugs can
only be disclosed by posting them on the Mailman lists. This is just
not true, there are plenty of different ways of disseminating security
bugs (includign selling it to CERT/CC or iDefense). I can't really
understand your apparent intent to prevent discussions about bugs
which were disclosed elsewhere. I simply fail to see any benefits for
you or your users.
More information about the Mailman-Users
mailing list