[Mailman-Users] Is mailman vulnerable to the httpoxy bug?

Perry E. Metzger perry at piermont.com
Fri Jul 22 11:57:30 EDT 2016

On Tue, 19 Jul 2016 17:25:00 -0400 Jim Popovitch <jimpop at gmail.com>
> On Tue, Jul 19, 2016 at 5:10 PM, Perry E. Metzger
> <perry at piermont.com> wrote:
> > https://httpoxy.org/ seems to impact any python program (among
> > many others) that runs under cgi. Does it cause trouble for
> > mailman? What is a reasonable mitigation?  
> If I understand the issue correctly (and admittedly It's kinda a new
> issue) this only affects proxied HTTP transactions, not HTTPS ones.

That is incorrect, so far as I can tell.

Perry E. Metzger		perry at piermont.com

More information about the Mailman-Users mailing list