[Mailman-Users] Emergency mail to everyone?
msapiro at value.net
Wed Jan 17 18:08:04 CET 2007
David Lee wrote:
>If the inbound email contains not only the plain text message but also its
> equivalent in HTML
>and if the "Approved:" is specified as the first line of the body rather
> than as a header
> the password is in danger of leaking outbound, being stripped only from
> the plain version but not from the HTML version where it could persist.
This was bug 1181161 which was fixed in Mailman 2.1.7, but there can
still be problems if 'Approved: password' gets split across lines in
quoted printable encoded alternative parts or gets base64 encoded.
It's on my list to fix these issues.
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users