Hi John and Hi Barry. John Dennis wrote:
> On Sat, 2004-05-15 at 19:22, Barry Warsaw wrote: > >>This version also contains a fix >>for an exploit that could allow 3rd parties to retrieve member >>passwords. It is thus highly recommended that all existing sites >>upgrade to the latest version. > > > Could you be more specific about the exploit? Is there a CVE or CAN open > against it? I assume given the public announcement this is not an > embargoed security exploit, or is it? > The exploit is very easy for anyone who can view the source (and diff) with curiosity. So, we should send CVE/CAN ASAP, I think. -- Tokio _______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
