From ceb88caaee06806576bbaab2a4a313d9e7823d07 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@msapiro.net>
Date: Thu, 3 Sep 2009 11:12:06 -0700
Subject: Inadvertently setting a null site or list password allowed access to
 a list's web admin interface without authentication.  Fixed by not accepting
 null passwords.

---
 NEWS | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index cc3f2e48..f2228cc3 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,10 @@ Here is a history of user visible changes to Mailman.
 
   Bug Fixes and other patches
 
+    - Inadvertently setting a null site or list password allowed access
+      to a list's web admin interface without authentication.  Fixed by
+      not accepting null passwords.
+
     - Changed VERP_CONFIRM_REGEXP  in Defaults.py to work if the replying
       MUA folds the To: header and in cases where the list name includes '+'.
 
-- 
cgit v1.2.3