[Mailman-Users] security heads up - path traversal with 2.1.5

[Kai Schaetzl]

Chuq Von Rospach wrote on Wed, 9 Feb 2005 12:47:34 -0800:

> Either way, something like this should have been left to the project 
> developers (i.e. barry) to disclose. 

Correct. But it's out and it's not Ron to blame, so I don't see a reason 
for slapping Ron for posting it finally to the list.

> putting it on THIS list before the formal patches are ready is a great 
> way to teach everyone who didn't come up with the attack what it is, 
> while mailman sites don't have a patch to solve it. Before, only a few 
> people knew about it (including, obviously, some blackhats). now, lots 
> of folks do. That makes life worse, not better, for lots of us.

This is not meant as an offense, but this is nonsense. It's been released 
on full-disclosure. That's enough to inform everyone who's interested in 
harming others. Posting it here, doesn't add anything to that.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org