[Mailman-Users] Is mailman vulnerable to the httpoxy bug?

Mark Sapiro mark at msapiro.net
Wed Jul 20 15:02:13 EDT 2016

On 07/19/2016 02:10 PM, Perry E. Metzger wrote:
> https://httpoxy.org/ seems to impact any python program (among many
> others) that runs under cgi. Does it cause trouble for mailman? What
> is a reasonable mitigation?

I am not an expert on httpoxy at all, but quoting from

"httpoxy is a vulnerability for server-side web applications. If you’re
not deploying code, you don’t need to worry."

Mailman's web UI serves end user HTML pages. It does not deploy code.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list