*** This bug is a security vulnerability ***
Private security bug reported:
The fix for #2015416 was incomplete. The options login page returned
from an invalid login with private rosters is still subtly different
between the `email is not a list member` and the `email is a list member
but password is incorrect` cases.
** Affects: mailman
Importance: Low
Assignee: Mark Sapiro (msapiro)
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/2017813
Title:
Membership information leak through options page.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/2017813/+subscriptions
_______________________________________________
Mailman-coders mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-coders.python.org/
Member address: [email protected]
