[Mailman-Developers] Re: [Mailman-Announce] Critical security
update for Mailman 2.1.5 and earlier
John Dennis
jdennis at redhat.com
Thu Feb 10 18:35:45 CET 2005
On Thu, 2005-02-10 at 17:24 +0000, Richard Barrett wrote:
> As an aside, I am not able to:
>
> 1. identify exactly what the exploit is.
>
> 2. see why it impacts solely on private archive access via private.py.
>
> 3. why Apache version is relevant to private.py operates unless the
> PATH_INFO environment variable value being set up for the CGI script by
> Apache is a result of version-dependent processing done by Apache on
> the request URI.
Please, lets not discuss the recipe for the attack on an open mailing
list.
--
John Dennis <jdennis at redhat.com>
More information about the Mailman-Developers
mailing list