*** This bug is a security vulnerability ***

Private security bug reported:

A URL with a very long text listname such as

http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phishing_text

will echo the text in the "No such list" error response. This can be
used to make a potential victim think the phishing text comes from a
trusted site.

** Affects: mailman
     Importance: Low
     Assignee: Mark Sapiro (msapiro)
         Status: In Progress

-- 
https://bugs.launchpad.net/bugs/1780874

Title:
  Arbitrary text injection vulnerability in Mailman CGIs

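The behaviour described in the report, next to one possible mitigation, as an added example that is not part of the original report and is not Mailman's code. The function names, the KNOWN_LISTS set and the VALID_NAME policy are assumptions made for illustration; path_info stands for the part of the URL after the CGI script name.

```python
import html
import re

# Constructed set of lists hosted on this hypothetical server.
KNOWN_LISTS = {"mailman-coders", "mailman-users"}

# Assumed list-name policy for this example: short, no spaces, no markup.
VALID_NAME = re.compile(r"[a-z0-9][a-z0-9._+-]{0,63}")


def listname_from_path(path_info):
    """Return the first path component of path_info, lowercased."""
    parts = [p for p in path_info.split("/") if p]
    return parts[0].lower() if parts else ""


def error_page_echo(path_info):
    """'Before' behaviour from the report: the unknown name is echoed.

    html.escape() stops markup injection, but the requester's words still
    appear in a page served by the trusted host.
    """
    name = listname_from_path(path_info)
    if name in KNOWN_LISTS:
        return 200, "listinfo for " + html.escape(name)
    return 404, "No such list <em>%s</em>" % html.escape(name)


def error_page_generic(path_info, log):
    """One possible mitigation: never reflect an unknown name.

    The requested name is written to the server-side log only, truncated
    so an oversized request cannot flood the log.
    """
    name = listname_from_path(path_info)
    if VALID_NAME.fullmatch(name) and name in KNOWN_LISTS:
        return 200, "listinfo for " + html.escape(name)
    log.append("unknown list requested: %r" % name[:80])
    return 404, "No such list"
```

The escaped output of error_page_echo shows why output encoding alone does not address this report: the injected text contains no markup to neutralise.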