David Lee wrote: > >If the inbound email contains not only the plain text message but also its > equivalent in HTML >and if the "Approved:" is specified as the first line of the body rather > than as a header >then > the password is in danger of leaking outbound, being stripped only from > the plain version but not from the HTML version where it could persist. >endif
This was bug 1181161 which was fixed in Mailman 2.1.7, but there can still be problems if 'Approved: password' gets split across lines in quoted printable encoded alternative parts or gets base64 encoded. It's on my list to fix these issues. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp