[Mailman-Users] security heads up - path traversal with 2.1.5
Ron Brogden
rb at islandnet.com
Wed Feb 9 21:08:38 CET 2005
On February 9, 2005 11:52, Brad Knowles wrote:
> Generally speaking, notices of security issues should be dealt
> with according to the instructions at
> <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp>.
Hello Brad. I was under the impression that the Mailman team already knew
about this issue which is why I didn't go through the above procedure.
From the post to the full-disclosure list:
"Expect vendor advisories nearer the end of the week, for now here is a
suggested fix from Barry Warsaw".
I definitely apologize if that is not the case and I meant no disrespect.
The reason I posted is that this issue now out in the wild so there is little
point being quiet about it. Giving users a heads up allows them to protect
themselves while they wait for an official patch and announcement.
IMHO of course.
Ron
More information about the Mailman-Users
mailing list