[Mailman-Developers] Re: [Mailman-Announce] RELEASED Mailman 2.1.5

Tokio Kikuchi tkikuchi at is.kochi-u.ac.jp
Tue May 18 22:17:52 EDT 2004


Hi John and Hi Barry.

John Dennis wrote:

> On Sat, 2004-05-15 at 19:22, Barry Warsaw wrote:
> 
>>This version also contains a fix
>>for an exploit that could allow 3rd parties to retrieve member
>>passwords.  It is thus highly recommended that all existing sites
>>upgrade to the latest version.
> 
> 
> Could you be more specific about the exploit? Is there a CVE or CAN open
> against it? I assume given the public announcement this is not an
> embargoed security exploit, or is it?
> 

The exploit is very easy for anyone who can view the source (and diff)
with curiosity. So, we should send CVE/CAN ASAP, I think.


-- 
Tokio



