[Mailman-Users] security heads up - path traversal with 2.1.5
Brad Knowles
brad at stop.mail-abuse.org
Wed Feb 9 21:34:24 CET 2005
At 12:08 PM -0800 2005-02-09, Ron Brogden wrote:
> Hello Brad. I was under the impression that the Mailman team already knew
> about this issue which is why I didn't go through the above procedure.
That's why I said "Generally speaking". I wasn't aware that
Barry had suggested a fix, or that he was aware of the issue.
> I definitely apologize if that is not the case and I meant no disrespect.
Not a problem. There were additional facts regarding the issue
of which I was not aware.
> The reason I posted is that this issue now out in the wild so there is little
> point being quiet about it. Giving users a heads up allows them to protect
> themselves while they wait for an official patch and announcement.
Absolutely. Not a problem. It's something that could be
reasonably easily worked around by the admin, and people should be
notified.
I apologize for the confusion, or if I made you feel like I was
jumping on you.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the Mailman-Users
mailing list