path: root/admin/www/security.html
author bwarsaw <> 2006-08-30 14:55:23 +0000
committer bwarsaw <> 2006-08-30 14:55:23 +0000
commit 01badf5c6b00ed72ce799064c9a567ab8f34e369 (patch)
tree b009b9b47c82717bcc5488648596348b32b6108a /admin/www/security.html
parent 0cee915eeb5f8f99ed036d257b1103c28373eb5b (diff)
Make a sweep through the web pages to update various bits of information.
This is in prep for the 2.1.9 release.
Diffstat (limited to 'admin/www/security.html')
-rw-r--r-- admin/www/security.html 76
1 files changed, 21 insertions, 55 deletions
diff --git a/admin/www/security.html b/admin/www/security.html
index 0bfbe3cf..52b2b194 100644
--- a/admin/www/security.html
+++ b/admin/www/security.html
@@ -2,7 +2,7 @@
"http://www.w3.org/TR/html4/loose.dtd" >
<html>
<!-- THIS PAGE IS AUTOMATICALLY GENERATED. DO NOT EDIT. -->
-<!-- Mon May 30 15:49:40 2005 -->
+<!-- Tue Aug 29 11:04:14 2006 -->
<!-- USING HT2HTML 2.0 -->
<!-- SEE http://ht2html.sf.net -->
<!-- User-specified headers:
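Review bot: the context line above the timestamp says "THIS PAGE IS AUTOMATICALLY GENERATED. DO NOT EDIT", so the real change belongs in the ht2html source for this page, and this view (limited to admin/www/security.html) does not show it. Please confirm the matching source change is part of the same commit; otherwise the next regeneration restores the old content, including the advisory text removed further down. The embedded generation timestamp also produces a diff on every regeneration even when nothing else changed, which makes content changes to the security page harder to spot in review.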
@@ -81,50 +81,48 @@ body { margin: 0px; }
Overview
</font></b></td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="index.html">Home</a>
+<a href="index.html">Home</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">
<a href="security.html">Security</li>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="features.html">Features</a>
+<a href="features.html">Features</a></li>
</td></tr>
+<tr><td bgcolor="#eecfa1">&nbsp;</td></tr>
+<tr><td bgcolor="#36648b"><b><font color="#ffffff">
+More Information
+</font></b></td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="i18n.html">Internationalization</a>
+<a href="http://wiki.list.org">Wiki</a> <i>(exit)</i></li>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="otherstuff.html">Rants, Papers, and Logos</a>
+<a href="lists.html">Discussion Lists</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="inthenews.html">Mailman in Use</a>
+<a href="http://sf.net/projects/mailman">SF Project Page</a>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="prev.html">Previous Releases</a>
+<a href="otherstuff.html">Rants, Papers, and Logos</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="bugs.html">Bugs and Patches</a>
+<a href="bugs.html">Bugs and Patches</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="mirrors.html">Mirrors</a>
+<a href="mirrors.html">Mirrors</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">&nbsp;</td></tr>
<tr><td bgcolor="#36648b"><b><font color="#ffffff">
-Exits
+Related Links <i>(exits)</i>
</font></b></td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="http://sf.net/projects/mailman">SF Project Page</a>
-</td></tr>
-<tr><td bgcolor="#eecfa1">
-<a href="lists.html">Discussion Lists</a>
-</td></tr>
-<tr><td bgcolor="#eecfa1">
-<a href="http://www.python.org/">Python</a>
+<a href="http://www.python.org/">Python</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="http://www.gnu.org/">GNU</a>
+<a href="http://www.gnu.org/">GNU</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">
-<a href="http://barry.warsaw.us/">Barry Warsaw</a>
+<a href="http://barry.warsaw.us/">Barry Warsaw</a></li>
</td></tr>
<tr><td bgcolor="#eecfa1">&nbsp;</td></tr>
<tr><td bgcolor="#36648b"><b><font color="#ffffff">
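Review bot: the changed sidebar links now end in a stray `</li>` (for example `<a href="index.html">Home</a></li>`), but each link sits directly in a `<td>` with no `<li>` or list element open, so these are unmatched end tags under the HTML 4 loose DTD the page declares. The unchanged Security entry, `<a href="security.html">Security</li>`, shows the same problem and also never closes its `<a>`, while the new `SF Project Page` line has no `</li>` at all, so the output is inconsistent. Since the file is generated, the fix belongs in the sidebar template: either emit a real `<ul>`/`<li>` structure or drop the `</li>`. Separately, the links to i18n.html, inthenews.html and prev.html are dropped from the sidebar here; please check whether those pages are still published and reachable from somewhere else.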
@@ -148,7 +146,7 @@ Email Us
&nbsp;
</td></tr>
<tr><td bgcolor="#eecfa1">
-&copy; 1998-2005
+&copy; 1998-2006
Free Software Foundation, Inc. Verbatim copying and distribution of this
entire article is permitted in any medium, provided this notice is preserved.
@@ -167,41 +165,9 @@ concerns should be emailed to
<a href="mailto:%6D%61%69%6C%6D%61%6E%2D%73%65%63%75%72%69%74%79%40%70%79%74%68%6F%6E%2E%6F%72%67">mailman-security at python dot org</a>.
This is a closed list that reaches the core Mailman developers.
-<h3>Known issues and fixes</h3>
-
-<ul>
-
-<li><b>CAN-2005-0202</b> -- This is a very serious issue affecting the Mailman
-2.1 series up to and including version 2.1.5. <b>Mailman 2.1.6 is not
-affected</b>. This issue can allow for the leakage of member passwords.
-
-<p>A quick, immediate fix is to remove the /usr/local/mailman/cgi-bin/private
-executable. However, this will break any private archives your lists may be
-using. See below for a proper patch.
-
-<p>The extent of your exposure to this vulnerability depends on factors such
-as which version of Apache you are running and how you have it configured. We
-do not currently know the exact combination that enables the hole, although we
-currently believe that Apache 2.0 sites are not vulnerable and that that many
-if not most Apache 1.3 sites are vulnerable. In any event, the safest
-approach is to assume the worst and it is recommended that you apply
-<a href="CAN-2005-0202.txt">this Mailman patch</a> as soon as possible.
-
-<p>For additional peace of mind, it is
-recommended that you regenerate your list member passwords using
-<a href="reset_pw.py">the Mailman 2.1.6 reset_pw.py script</a>. Put this file
-in your Mailman installation's bin directory. After running the script, you
-might also want to manually run the cron/mailpasswds script so that your users
-will be informed of their new passwords.
-
-<p>Credit goes to Marcus Meissner for finding this issue.
-</li>
-
-<li><b>Mailman 2.1.6</b> -- allows for more cryptographically secure (but less
-user-friendly) list admin and auto-generated user passwords. Also, a
-potential cross-site scripting hole has been closed.
-
-</ul>
+<p>To ensure the highest security of your Mailman site, it is always best to
+run the latest release. If you are not running the latest release, please
+upgrade before reporting security issues.
</td><!-- end of body cell -->
</tr><!-- end of sidebar/body row -->
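Review bot: removing the whole "Known issues and fixes" list drops the only guidance on this page for CAN-2005-0202, including the affected range (2.1 series up to and including 2.1.5), the links to CAN-2005-0202.txt and reset_pw.py, and the credit to Marcus Meissner. The replacement paragraph tells readers to upgrade, but the removed text also recommended regenerating list member passwords after exposure, and upgrading alone does not do that for a site whose passwords may already have leaked. I would keep a short historical advisories section (identifier, affected versions, fixed version, patch link, password reset step) rather than deleting it, or link to wherever that record now lives. The sentence "please upgrade before reporting security issues" could also be read as discouraging reports from sites that cannot upgrade right away; something like asking reporters to state their version and, where possible, check the latest release would keep the closed list open to those reports.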