aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
authorbwarsaw <>2005-02-10 14:11:38 +0000
committerbwarsaw <>2005-02-10 14:11:38 +0000
commitfafef5bbb4ddf780a20bc931c354e2aa8e15d607 (patch)
tree15337d24689f73f5c4918cb9e2afb538a790436e /admin
parentb2a8ab50ca10ff83839cd876f7f9a6495c33293c (diff)
downloadmailman2-fafef5bbb4ddf780a20bc931c354e2aa8e15d607.tar.gz
mailman2-fafef5bbb4ddf780a20bc931c354e2aa8e15d607.tar.xz
mailman2-fafef5bbb4ddf780a20bc931c354e2aa8e15d607.zip
Oops, forgot an update
Diffstat (limited to 'admin')
-rw-r--r--admin/www/security.html17
1 files changed, 11 insertions, 6 deletions
diff --git a/admin/www/security.html b/admin/www/security.html
index 4d7c40cb..28dbc474 100644
--- a/admin/www/security.html
+++ b/admin/www/security.html
@@ -2,7 +2,7 @@
"http://www.w3.org/TR/html4/loose.dtd" >
<html>
<!-- THIS PAGE IS AUTOMATICALLY GENERATED. DO NOT EDIT. -->
-<!-- Thu Feb 10 08:31:48 2005 -->
+<!-- Thu Feb 10 09:10:56 2005 -->
<!-- USING HT2HTML 2.0 -->
<!-- SEE http://ht2html.sf.net -->
<!-- User-specified headers:
@@ -164,15 +164,20 @@ entire article is permitted in any medium, provided this notice is preserved.
The GNU Mailman developers take security very seriously. All Mailman security
concerns should be emailed to
-<mailto:mailman-security@python.org>mailman-security@python.org</a>. This is
-a closed list that reaches the core Mailman developers.
+<a href="mailto:%6D%61%69%6C%6D%61%6E%2D%73%65%63%75%72%69%74%79%40%70%79%74%68%6F%6E%2E%6F%72%67">mailman-security at python dot org</a>.
+This is a closed list that reaches the core Mailman developers.
<h3>Known issues and fixes</h3>
<ul>
-<li><b>CAN-2005-0202</b> -- This is a very serious issue affecting
-the Mailman 2.1 serious up to and including version 2.1.5. Mailman 2.1.6 is
-not vulnerable. This issue can allow for the leakage of member passwords.
+
+<li><b>CAN-2005-0202</b> -- This is a very serious issue affecting the Mailman
+2.1 series up to and including version 2.1.5. Mailman 2.1.6 is not
+affected. This issue can allow for the leakage of member passwords.
+
+<p>A quick, immediate fix is to remove the /usr/local/mailman/cgi-bin/private
+executable. However, this will break any private archives your lists may be
+using. See below for a proper patch.
<p>The extent of your exposure to this vulnerability depends on factors such
as which version of Apache you are running and how you have it configured. We