On Wed, 20 Jul 2016 12:02:13 -0700 Mark Sapiro <[email protected]> wrote: > On 07/19/2016 02:10 PM, Perry E. Metzger wrote: > > https://httpoxy.org/ seems to impact any python program (among > > many others) that runs under cgi. Does it cause trouble for > > mailman? What is a reasonable mitigation? > > > I am not an expert on httpoxy at all, but quoting from > <https://httpoxy.org/#top> > > "httpoxy is a vulnerability for server-side web applications. If > you’re not deploying code, you don’t need to worry." > > Mailman's web UI serves end user HTML pages. It does not deploy > code. >
Er, it uses CGI scripts, doesn't it? That's what it means to "deploy code" in this context. Perry -- Perry E. Metzger [email protected] ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
