On Sun, 6 Jan 2002, Julian C. Dunn wrote:
> On Sun, 6 Jan 2002, R. DuFresne wrote:
>
> > I'd remove the mailman CGI scripts, they have some security issues that
> > have been covered on the Bugtraq list.
>
> I really don't think that this is a very helpful comment because it's a
> non-sequitur; first off it doesn't solve David's problem, and second of
> all, you should provide some context for that statement. MailMan < 2.0.8
> suffers from cross-site-scripting security problems which have been fixed
> in the latest release, if those are the security issues you are referring
> to. Even so, what if David is running MailMan on an intranet where the CSS
> bugs won't be exploited? Then these security issues are not relevant to
> him.

First, I didn't think folks on this list required spoonfeeding. I take it
that folks capable of untarring and going through the fairly complex
instructions for installing 3 or more separate packages are qualified to
do some research on their own, which persons concerned with the security
of the site<s> they maintain certainly should do, yes? Second, I am not
aware, and you certainly are not aware of which version of mailman the
requestor has on his system. Third, in a private response to the
requester, which I'll not post as it was indeed a private exchange and
the posting of private exchanges is in bad form, right?, there was a bit
more information included, to help guide them in their own search for the
issues briefly related in my first public posting. Fourth, you were and
are certainly allowed to supply more information and spoonfeeding to
requestors, should you feel it necessary, as you did, for the edification
of the full list or privately, if spoonfeeding is your forte.

Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]