subject:"\[Mailman\-Developers\] Imminent release of a Mailman security fix."

Re: [Mailman-Developers] Imminent release of a Mailman security fix.

2016-08-22 Thread Richard Damon

On 8/22/16 5:31 AM, A. Schulze wrote: Mark Sapiro: There is a CSRF vulnerability ... I have developed a fix... I'm delaying the release ... Hello, don't understand why you wait? Yes some people may need time to plan a update. But there are also people not needing such plan. They could us

Re: [Mailman-Developers] Imminent release of a Mailman security fix.

2016-08-22 Thread A. Schulze

Mark Sapiro: There is a CSRF vulnerability ... I have developed a fix... I'm delaying the release ... Hello, don't understand why you wait? Yes some people may need time to plan a update. But there are also people not needing such plan. They could use the patch just now. But maybe you

[Mailman-Developers] Imminent release of a Mailman security fix.

2016-08-19 Thread Mark Sapiro

There is a CSRF vulnerability associated with the user options page. This could conceivably allow an attacker to obtain a user's password. This is reported at . I have developed a fix which is a small patch to two modules. I plan to release Mailman