[Mailman-Users] any info on this reported exploit?
brad at stop.mail-abuse.org
Sun Jan 29 11:40:18 CET 2006
At 2:11 PM -0500 2006-01-28, Jim Popovitch wrote:
> The whole reason for me waxing so passionately on this thread is the
> earlier suggestion that Diana shouldn't have even emailed mailman-users,
> but rather mailman-security and kept it quiet thereafter (this after it
> was already released over at securityfocus.com).
Correct. See FAQ 1.27. That is the official Security Policy of
this mailing list, and that information is included in the footer of
every single mail message which passes through this list.

In this case, no harm was done, since the bug had already been
"fixed" through the work that Tokio had done in creating the next
release of the code, and the real problem was the disconnect in what
we were calling the bug and what they were calling it. But the
potential was certainly there.

But if you can't adhere to the official Security Policy of this
mailing list, then you shouldn't be posting here, and you shouldn't

Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
LOPSA member since December 2005. See <http://www.lopsa.org/>.