[Mailman-Users] security heads up - path traversal with 2.1.5
Kai Schaetzl
maillists at conactive.com
Thu Feb 10 17:31:28 CET 2005
Brad Knowles wrote on Thu, 10 Feb 2005 02:32:18 +0100:
> However, I also take Chuq's point that all security announcements
> to this list, and all related mailman mailing lists hosted on
> python.org, should be made by Barry or one of the other core
> developers.
>
This was not a "security announcement". And the posting on full-disclosure
wasn't really a "disclosure". full-disclosure account passwords itself got
hacked and this was an alert for the list members about this fact and the
cause. It's also on MITRE and got publicized via news sites. It's an
*actively exploited* security hole, not a PoC or possible security
problem.
I really don't see any sense in insisting that informing about it here and
pointing to the source makes anyone more unsafe.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
More information about the Mailman-Users
mailing list