aboutsummaryrefslogtreecommitdiffstats
path: root/admin/www/security.html
diff options
context:
space:
mode:
authorbwarsaw <>2006-08-30 14:55:23 +0000
committerbwarsaw <>2006-08-30 14:55:23 +0000
commit01badf5c6b00ed72ce799064c9a567ab8f34e369 (patch)
treeb009b9b47c82717bcc5488648596348b32b6108a /admin/www/security.html
parent0cee915eeb5f8f99ed036d257b1103c28373eb5b (diff)
downloadmailman2-01badf5c6b00ed72ce799064c9a567ab8f34e369.tar.gz
mailman2-01badf5c6b00ed72ce799064c9a567ab8f34e369.tar.xz
mailman2-01badf5c6b00ed72ce799064c9a567ab8f34e369.zip
Make a sweep through the web pages to update various bits of information.
This is in prep for the 2.1.9 release.
Diffstat (limited to '')
-rw-r--r--admin/www/security.html76
1 files changed, 21 insertions, 55 deletions
diff --git a/admin/www/security.html b/admin/www/security.html
index 0bfbe3cf..52b2b194 100644
--- a/admin/www/security.html
+++ b/admin/www/security.html
@@ -2,7 +2,7 @@
"http://www.w3.org/TR/html4/loose.dtd" >
<html>
<!-- THIS PAGE IS AUTOMATICALLY GENERATED. DO NOT EDIT. -->
-<!-- Mon May 30 15:49:40 2005 -->
+<!-- Tue Aug 29 11:04:14 2006 -->
<!-- USING HT2HTML 2.0 -->
<!-- SEE http://ht2html.sf.net -->
<!-- User-specified headers:
@@ -81,50 +81,48 @@ body { margin: 0px; }
Overview
</font></b></td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="index.html">Home</a>
+<a href="index.html">Home</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">
<a href="security.html">Security</li>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="features.html">Features</a>
+<a href="features.html">Features</a></li>
</td></tr>
+<tr><td bgcolor="#eecfa1">&nbsp;</td></tr>
+<tr><td bgcolor="#36648b"><b><font color="#ffffff">
+More Information
+</font></b></td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="i18n.html">Internationalization</a>
+<a href="http://wiki.list.org">Wiki</a> <i>(exit)</i></li>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="otherstuff.html">Rants, Papers, and Logos</a>
+<a href="lists.html">Discussion Lists</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="inthenews.html">Mailman in Use</a>
+<a href="http://sf.net/projects/mailman">SF Project Page</a>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="prev.html">Previous Releases</a>
+<a href="otherstuff.html">Rants, Papers, and Logos</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="bugs.html">Bugs and Patches</a>
+<a href="bugs.html">Bugs and Patches</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="mirrors.html">Mirrors</a>
+<a href="mirrors.html">Mirrors</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">&nbsp;</td></tr>
<tr><td bgcolor="#36648b"><b><font color="#ffffff">
-Exits
+Related Links <i>(exits)</i>
</font></b></td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="http://sf.net/projects/mailman">SF Project Page</a>
-</td></tr>
-<tr><td bgcolor="#eecfa1">
-<a href="lists.html">Discussion Lists</a>
-</td></tr>
-<tr><td bgcolor="#eecfa1">
-<a href="http://www.python.org/">Python</a>
+<a href="http://www.python.org/">Python</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="http://www.gnu.org/">GNU</a>
+<a href="http://www.gnu.org/">GNU</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="http://barry.warsaw.us/">Barry Warsaw</a>
+<a href="http://barry.warsaw.us/">Barry Warsaw</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">&nbsp;</td></tr>
<tr><td bgcolor="#36648b"><b><font color="#ffffff">
@@ -148,7 +146,7 @@ Email Us
&nbsp;
</td></tr>
<tr><td bgcolor="#eecfa1">
-&copy; 1998-2005
+&copy; 1998-2006
Free Software Foundation, Inc. Verbatim copying and distribution of this
entire article is permitted in any medium, provided this notice is preserved.
@@ -167,41 +165,9 @@ concerns should be emailed to
<a href="mailto:%6D%61%69%6C%6D%61%6E%2D%73%65%63%75%72%69%74%79%40%70%79%74%68%6F%6E%2E%6F%72%67">mailman-security at python dot org</a>.
This is a closed list that reaches the core Mailman developers.
-<h3>Known issues and fixes</h3>
-
-<ul>
-
-<li><b>CAN-2005-0202</b> -- This is a very serious issue affecting the Mailman
-2.1 series up to and including version 2.1.5. <b>Mailman 2.1.6 is not
-affected</b>. This issue can allow for the leakage of member passwords.
-
-<p>A quick, immediate fix is to remove the /usr/local/mailman/cgi-bin/private
-executable. However, this will break any private archives your lists may be
-using. See below for a proper patch.
-
-<p>The extent of your exposure to this vulnerability depends on factors such
-as which version of Apache you are running and how you have it configured. We
-do not currently know the exact combination that enables the hole, although we
-currently believe that Apache 2.0 sites are not vulnerable and that that many
-if not most Apache 1.3 sites are vulnerable. In any event, the safest
-approach is to assume the worst and it is recommended that you apply
-<a href="CAN-2005-0202.txt">this Mailman patch</a> as soon as possible.
-
-<p>For additional peace of mind, it is
-recommended that you regenerate your list member passwords using
-<a href="reset_pw.py">the Mailman 2.1.6 reset_pw.py script</a>. Put this file
-in your Mailman installation's bin directory. After running the script, you
-might also want to manually run the cron/mailpasswds script so that your users
-will be informed of their new passwords.
-
-<p>Credit goes to Marcus Meissner for finding this issue.
-</li>
-
-<li><b>Mailman 2.1.6</b> -- allows for more cryptographically secure (but less
-user-friendly) list admin and auto-generated user passwords. Also, a
-potential cross-site scripting hole has been closed.
-
-</ul>
+<p>To ensure the highest security of your Mailman site, it is always best to
+run the latest release. If you are not running the latest release, please
+upgrade before reporting security issues.
</td><!-- end of body cell -->
</tr><!-- end of sidebar/body row -->