From VM Wed Mar 7 11:06:03 2001
X-VM-v5-Data: ([nil nil nil nil nil nil nil nil nil] [nil "Tuesday" "6" "March" "2001" "09:29:58" "-0800" "Mail Delivery System" "MAILER-DAEMON@keftamail.com" nil "185" "Undelivered Mail Returned to Sender" "^From:" nil nil "3" nil nil nil nil nil] nil)
Return-Path:
Delivered-To: bwarsaw@wooz.org
Received: from digicool.com (host15.digitalcreations.d.subnet.rcn.com [208.59.6.15]) by mail.wooz.org (Postfix) with ESMTP id 6C2DCD37AC for ; Tue, 6 Mar 2001 12:30:35 -0500 (EST)
Received: from by digicool.com (CommuniGate Pro RULES 3.4) with RULES id 1650903; Tue, 06 Mar 2001 12:33:44 -0500
Received: from ns2.digicool.com ([216.164.72.2] verified) by digicool.com (CommuniGate Pro SMTP 3.4) with ESMTP id 1650896 for barry@mail.digicool.com; Tue, 06 Mar 2001 12:33:44 -0500
Received: from mail.python.org (mail.python.org [63.102.49.29]) by ns2.digicool.com (8.9.3/8.9.3) with ESMTP id MAA08939 for ; Tue, 6 Mar 2001 12:31:02 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=mail.python.org) by mail.python.org with esmtp (Exim 3.21 #1) id 14aLIc-0001Wp-00 for barry@digicool.com; Tue, 06 Mar 2001 12:31:02 -0500
Received: from [64.75.1.85] (helo=postal-worker1.kefta.com) by mail.python.org with esmtp (Exim 3.21 #1) id 14aLIB-0001VP-00 for mailman-announce-admin@python.org; Tue, 06 Mar 2001 12:30:35 -0500
Received: from mail1.kefta.com (mail1.kefta.com [10.0.2.1]) by postal-worker1.kefta.com (Keftamail) with ESMTP id E57BC4081 for ; Tue, 6 Mar 2001 09:24:31 -0800 (PST)
Received: by mail1.kefta.com (Keftamail) via BOUNCE id 438064082; Tue, 6 Mar 2001 09:29:58 -0800 (PST)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="1EDF14081.983899798/mail1.kefta.com"
Message-Id: <20010306172958.438064082@mail1.kefta.com>
Precedence: bulk
List-Help:
List-Post:
List-Subscribe: ,
List-Id: Announce-only list for Mailman releases and news
List-Unsubscribe: ,
List-Archive:
From: MAILER-DAEMON@keftamail.com (Mail Delivery System)
Sender: mailman-announce-owner@python.org
To: mailman-announce-admin@python.org
Subject: Undelivered Mail Returned to Sender
Date: Tue, 6 Mar 2001 09:29:58 -0800 (PST)
X-Autogenerated: Mirror
X-Mirrored-by:
X-BeenThere: mailman-announce@python.org
X-Mailman-Version: 2.0.2 (101270)

This is a MIME-encapsulated message.

--1EDF14081.983899798/mail1.kefta.com
Content-Description: Notification
Content-Type: text/plain

This is the Keftamail program at host mail1.kefta.com.

I'm sorry to have to inform you that the message returned below could not be delivered to one or more destinations.

For further assistance, please contact

If you do so, please include this problem report. You can delete your own text from the message returned below.

The Keftamail program

: permission denied. Command output: Mail quota exceeded.

--1EDF14081.983899798/mail1.kefta.com
Content-Description: Undelivered Message
Content-Type: message/rfc822

Received: from postal-worker2.kefta.com (postal-worker2.kefta.com [10.0.2.4]) by mail1.kefta.com (Keftamail) with ESMTP id 1EDF14081 for ; Tue, 6 Mar 2001 09:29:58 -0800 (PST)
Received: by postal-worker2.kefta.com (Keftamail) id F089940C9; Tue, 6 Mar 2001 09:29:37 -0800 (PST)
Delivered-To: davidlowie@keftamail.com
Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.7]) by postal-worker2.kefta.com (Keftamail) with ESMTP id BA59D40C0 for ; Tue, 6 Mar 2001 09:29:37 -0800 (PST)
Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.7]) by lists.securityfocus.com (Postfix) with ESMTP id 3A1C024CF8C; Tue, 6 Mar 2001 10:04:43 -0700 (MST)
Received: from LISTS.SECURITYFOCUS.COM by LISTS.SECURITYFOCUS.COM (LISTSERV-TCP/IP release 1.8d) with spool id 27825191 for BUGTRAQ@LISTS.SECURITYFOCUS.COM; Tue, 6 Mar 2001 10:03:25 -0700
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Received: from firewall.osb.hu (unknown [193.224.234.1]) by lists.securityfocus.com (Postfix) with ESMTP id 48CD624C646 for ; Tue, 6 Mar 2001 00:49:55 -0700 (MST)
Received: from pimpa.intranet.osb.hu (IDENT:root@pimpa.intranet.osb.hu [192.168.0.8]) by firewall.osb.hu (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id IAA11531 for ; Tue, 6 Mar 2001 08:53:08 +0100
Received: from localhost (sp@localhost) by pimpa.intranet.osb.hu (8.9.3/8.9.3) with ESMTP id IAA05518 for ; Tue, 6 Mar 2001 08:53:08 +0100
X-Authentication-Warning: pimpa.intranet.osb.hu: sp owned process doing -bs
X-Received: from firewall.osb.hu (fw.intranet.osb.hu [192.168.0.1]) by pimpa.intranet.osb.hu (8.9.3/8.9.3) with ESMTP id JAA18698 for ; Sat, 3 Mar 2001 09:41:17 +0100
X-Received: from pax.intranet.osb.hu (IDENT:root@pax.intranet.osb.hu [192.168.0.2]) by firewall.osb.hu (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id JAA24373 for ; Sat, 3 Mar 2001 09:41:17 +0100
X-Received: from firewall.osb.hu (fw.intranet.osb.hu [192.168.0.1]) by pax.intranet.osb.hu (8.9.3/8.9.3) with ESMTP id JAA09389 for ; Sat, 3 Mar 2001 09:41:16 +0100
X-Received: from mail.python.org (mail.python.org [63.102.49.29]) by firewall.osb.hu (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id JAA24367 for ; Sat, 3 Mar 2001 09:41:07 +0100
X-Received: from localhost.localdomain ([127.0.0.1] helo=mail.python.org) by mail.python.org with esmtp (Exim 3.21 #1) id 14Z7OV-0000vs-00; Sat, 03 Mar 2001 03:28:03 -0500
X-Received: from [216.27.134.141] (helo=mail.wooz.org) by mail.python.org with esmtp (Exim 3.21 #1) id 14Z7Nq-0000tq-00; Sat, 03 Mar 2001 03:27:22 -0500
X-Received: by mail.wooz.org (Postfix, from userid 889) id BE7B0D37AC; Sat, 3 Mar 2001 03:26:35 -0500 (EST)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: VM 6.84 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
X-Attribution: BAW
X-Oblique-Strategy: Subvert your original idea
X-Url: http://www.wooz.org/barry
Errors-To: mailman-announce-admin@python.org
X-BeenThere: mailman-announce@python.org
X-Mailman-Version: 2.0.2 (101270)
Precedence: bulk
List-Help:
List-Post:
List-Subscribe: ,
List-Id: Announce-only list for Mailman releases and news
List-Unsubscribe: ,
List-Archive:
X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/)
ReSent-Subject: [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)
Message-ID:
Date: Tue, 6 Mar 2001 08:53:01 +0100
Reply-To: mailman-developers@python.org
Sender: Bugtraq List
Comments: RFC822 error: CC field duplicated. Last occurrence was retained.
Comments: Resent-From: Soos Peter
Comments: Originally-From: barry@digicool.com (Barry A. Warsaw)
From: Soos Peter
Subject: [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)
X-cc: mailman-developers@python.org
To: BUGTRAQ@SECURITYFOCUS.COM

I've just uploaded the Mailman 2.0.2 release to SourceForge. This is a bug fix release that also fixes a potential privacy hole, which could allow a list administrator to get access to user passwords. Even with those passwords, I believe there's little additional harm that a list admin could do, but still they probably shouldn't have access to those passwords.

There are a few other important fixes in this release, so I recommend that all sites running Mailman 2.0 or 2.0.1 should upgrade.

As usual I'm releasing this as both a complete tarball and as a patch against Mailman 2.0.1. If you grab the patchfile, you'll want to cd into your 2.0 source, and apply it like so:

    % patch -p1 < mailman-2.0.1-2.0.2.diff

Currently only http://mailman.sourceforge.net is updated, but the list.org and gnu.org sites should be updated soon. The release information on SF is at

    http://sourceforge.net/project/shownotes.php?release_id=25955

My thanks to Thomas Wouters for his help!

Enjoy,
-Barry

P.S. I'm not sure if I'll have time to release a 2.1 alpha of the I18N stuff before I leave for the Python9 conference. If we get the expected foot of snow between Sunday and Monday, it's a possibility. ;)

[From the NEWS file]

2.0.2 (03-Mar-2001)

    Security fix:

    - A fix for a potential privacy exploit where a clever list administrator could gain access to user passwords. This doesn't allow them to do much more harm to the user than they normally could, but they still shouldn't have access to the passwords.

    Bug fixes:

    - In the admindb page, don't complain when approving a subscription of someone who's already on the list (SF bug #222409 - Thomas Wouters).

      Also, quote for HTML the Subject: text printed for held messages, otherwise messages with e.g. "Subject: " could royally screw page formatting.

    - In Netscape.py bounce processor, don't bomb out on ill-formed messages (no semi-colon separating parameters), otherwise mail delivery could grind to a halt. Bug reported by Kambiz Aghaiepour.

    - Docstring fix bin/newlist to remove mention of "immediate" argument (Thomas Wouters).

    - Fix for bin/update when PREFIX != VAR_PREFIX (SF bug #229794 -- Thomas Wouters).

_______________________________________________
Mailman-announce mailing list
Mailman-announce@python.org
http://mail.python.org/mailman/listinfo/mailman-announce

--1EDF14081.983899798/mail1.kefta.com--