
List:       mailman-developers
Subject:    Re: [Mailman-Developers] Handling potential security bugs
From:       Barry Warsaw <barry () python ! org>
Date:       2004-12-28 3:37:01
Message-ID: 1104205021.9105.255.camel () presto ! wooz ! org

On Wed, 2004-12-22 at 09:46, Florian Weimer wrote:
> * Barry Warsaw:
> 
> > On Wed, 2004-12-22 at 05:40, Florian Weimer wrote:
> >
> >> where should I submit security bugs?  There are two more in my queue
> >> (minor ones, admittedly, as no server-side code execution is
> >> involved).
> >
> > As a general rule, you can post security issues to
> > mailman-cabal@python.org, which is a closed distribution list.
> 
> Thanks.
> 
> > I will try to find some time in the next few days to respond to the
> > previous password issue.
> 
> As this bug is now publicly documented, I've submitted a patch to the
> Debian BTS: <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796>
> 
> Unfortunately, this patch is not portable because it relies on the
> existence of /dev/urandom.

Can you send me (via mailman-cabal) the patch -- I don't want to have to
cut and paste it out of the referenced bug report.

If you do this, I will include the change_pw script for Mailman 2.1.6
and make a /dev/urandom based password optional based on an mm_cfg.py
variable.  I'm not sure exactly how to handle the listinfo text, but
I'll think of something.

-Barry

