blob: 2e181887b5b118da6748f9b5dbab62e18c9a7198 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200406-04">
<title>Mailman: Member password disclosure vulnerability</title>
Mailman contains a bug allowing 3rd parties to retrieve member passwords.
<product type="ebuild">mailman</product>
<announced>June 09, 2004</announced>
<revised>June 09, 2004: 01</revised>
<access>remote </access>
<package name="net-mail/mailman" auto="yes" arch="*">
<unaffected range="ge">2.1.5</unaffected>
<vulnerable range="lt">2.1.5</vulnerable>
Mailman is a python-based mailing list server with an extensive web
Mailman contains an unspecified vulnerability in the handling of request
<impact type="normal">
By sending a carefully crafted email request to the mailman server an
attacker could obtain member passwords.
There is no known workaround at this time.
All users of Mailman should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=net-mail/mailman-2.1.5"
# emerge ">=net-mail/mailman-2.1.5"</code>
<uri link="">Mailman 2.1.5 Release Announcement</uri>
<uri link="">CAN-2004-0412</uri>
<metadata tag="submitter">