[prev in list] [next in list] [prev in thread] [next in thread]
List: mailman-developers
Subject: Re: [Mailman-Developers] Handling potential security bugs
From: Barry Warsaw <barry () python ! org>
Date: 2004-12-28 3:37:01
Message-ID: 1104205021.9105.255.camel () presto ! wooz ! org
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Wed, 2004-12-22 at 09:46, Florian Weimer wrote:
> * Barry Warsaw:
>
> > On Wed, 2004-12-22 at 05:40, Florian Weimer wrote:
> >
> >> where should I submit security bugs? There are two more in my queue
> >> (minor ones, admittedly, as no server-side code execution is
> >> involved).
> >
> > As a general rule, you can post security issues to
> > mailman-cabal@python.org, which is a closed distribution list.
>
> Thanks.
>
> > I will try to find some time in the next few days to respond to the
> > previous password issue.
>
> As this bug is now publicly documented, I've submitted a patch to the
> Debian BTS: <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796>
>
> Unfortunately, this patch is not portable because it relies on the
> existence of /dev/urandom.
Can you send me (via mailman-cabal) the patch -- I don't want to have to
cut and paste it out of the referenced bug report.
If you do this, I will include the change_pw script for Mailman 2.1.6
and make a /dev/urandom based password optional based on an mm_cfg.py
variable. I'm not sure exactly how to handle the listinfo text, but
I'll think of something.
-Barry
["signature.asc" (application/pgp-signature)]
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/mailman-developers%40progressive-comp.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic