Date: Tue, 28 Apr 2015 23:15:54 -0700 From: Mark Sapiro <mark@...piro.net> To: Kurt Seifried <kseifried@...hat.com>, mailman-security@...hon.org, "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Re: Limited DoS in mailman (requires non standard config) On 04/28/2015 10:32 PM, Kurt Seifried wrote: > CentOS 6.6 with mailman-2.1.12-18.el6.x86_64 > > Which is.. ergh. I did not realize how old this is. Email address validation was strengthened in Mailman 2.1.15. Prior to that, it would allow a slash (/) in an email address domain but not since. -- Mark Sapiro <mark@...piro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ