On Tue, 2018-01-09 at 09:10 -0800, Mark Sapiro wrote:
> See <https://bugs.launchpad.net/mailman/+bug/1614841>. The comment
> thread contains a link to a patch to fix versions >= 2.1.15 and <=
> 2.1.22, however the version "2.1.18-1" indicates this is some distro's
> package and the patch may have already been backported.

Actually not. "2.1.18-1" was the first full implementation of DMARC mitigation from y'all. It's listed as a standard version at http://www.securiteam.com/securitynews/6P03K0AHFA.html which shows it as vulnerable to a CSRF attack.

I always build MM from source and haven't used a distro-provided version in years. I should probably update my installation to the latest version. I came on bug #775294 and apparently my version is vulnerable. Upgrading MM2 here is a bit of a PITA since I have to do a lot of patching to support the hacks I've done to MM over the years.

-- 
Lindsay Haisley       | "The first casualty when
FMP Computer Services |         war comes is truth."
512-259-1190          |
http://www.fmp.com    |     -- Hiram W Johnson

------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users