[Mailman-Users] security heads up - path traversal with 2.1.5
Kai Schaetzl
maillists at conactive.com
Thu Feb 10 00:31:33 CET 2005
Chuq Von Rospach wrote on Wed, 9 Feb 2005 12:47:34 -0800:
> Either way, something like this should have been left to the project
> developers (i.e. barry) to disclose.
Correct. But it's out and it's not Ron to blame, so I don't see a reason
for slapping Ron for posting it finally to the list.
> putting it on THIS list before the formal patches are ready is a great
> way to teach everyone who didn't come up with the attack what it is,
> while mailman sites don't have a patch to solve it. Before, only a few
> people knew about it (including, obviously, some blackhats). now, lots
> of folks do. That makes life worse, not better, for lots of us.
This is not meant as an offense, but this is nonsense. It's been released
on full-disclosure. That's enough to inform everyone who's interested in
harming others. Posting it here, doesn't add anything to that.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
More information about the Mailman-Users
mailing list