Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 28 Apr 2015 23:15:54 -0700
From: Mark Sapiro <mark@...piro.net>
To: Kurt Seifried <kseifried@...hat.com>, mailman-security@...hon.org, 
 "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: Limited DoS in mailman (requires non standard config)

On 04/28/2015 10:32 PM, Kurt Seifried wrote:
> CentOS 6.6 with mailman-2.1.12-18.el6.x86_64
> 
> Which is.. ergh. I did not realize how old this is.


Email address validation was strengthened in Mailman 2.1.15. Prior to
that, it would allow a slash (/) in an email address domain but not since.

-- 
Mark Sapiro <mark@...piro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ