[Mailman-Users] any info on this reported exploit?

Brad Knowles brad at stop.mail-abuse.org
Sun Jan 29 11:40:18 CET 2006

At 2:11 PM -0500 2006-01-28, Jim Popovitch wrote:

>  The whole reason for me waxing so passionately on this thread is the
>  earlier suggestion that Diana shouldn't have even emailed mailman-users,
>  but rather mailman-security and kept it quiet thereafter (this after it
>  was already released over at securityfocus.com).

	Correct.  See FAQ 1.27.  That is the official Security Policy of 
this mailing list, and that information is included in the footer of 
every single mail message which passes through this list.

	In this case, no harm was done, since the bug had already been 
"fixed" through the work that Tokio had done in creating the next 
release of the code, and the real problem was the disconnect in what 
we were calling the bug and what they were calling it.  But the 
potential was certainly there.

	But if you can't adhere to the official Security Policy of this 
mailing list, then you shouldn't be posting here, and you shouldn't 
be subscribed.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  LOPSA member since December 2005.  See <http://www.lopsa.org/>.
