From VM Wed Mar 7 11:08:33 2001
X-VM-v5-Data: ([nil nil nil nil nil nil nil nil nil]
[nil "Tuesday" "6" "March" "2001" "19:02:13" "+0000" "Mail Delivery System" "MAILER-DAEMON@bucks.net" nil "179" "Undelivered Mail Returned to Sender" "^From:" nil nil "3" nil nil nil nil nil]
nil)
Return-Path: <mailman-announce-admin@python.org>
Delivered-To: bwarsaw@wooz.org
Received: from digicool.com (host15.digitalcreations.d.subnet.rcn.com [208.59.6.15])
by mail.wooz.org (Postfix) with ESMTP id 590BFD37AC
for <barry@wooz.org>; Tue, 6 Mar 2001 14:02:37 -0500 (EST)
Received: from <mailman-announce-admin@python.org>
by digicool.com (CommuniGate Pro RULES 3.4)
with RULES id 1651377; Tue, 06 Mar 2001 14:05:47 -0500
Received: from ns2.digicool.com ([216.164.72.2] verified)
by digicool.com (CommuniGate Pro SMTP 3.4)
with ESMTP id 1651376 for barry@mail.digicool.com; Tue, 06 Mar 2001 14:05:46 -0500
Received: from mail.python.org (mail.python.org [63.102.49.29])
by ns2.digicool.com (8.9.3/8.9.3) with ESMTP id OAA13908
for <barry@digicool.com>; Tue, 6 Mar 2001 14:03:04 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=mail.python.org)
by mail.python.org with esmtp (Exim 3.21 #1)
id 14aMje-0005oS-00
for barry@digicool.com; Tue, 06 Mar 2001 14:03:02 -0500
Received: from [195.112.37.162] (helo=babylon.bucks.net ident=postfix)
by mail.python.org with esmtp (Exim 3.21 #1)
id 14aMix-0005nQ-00
for mailman-announce-admin@python.org; Tue, 06 Mar 2001 14:02:19 -0500
Received: by babylon.bucks.net (BNS Postfix) via BOUNCE
id 59B9747B9E; Tue, 6 Mar 2001 19:02:13 +0000 (GMT)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="41A6B47B9D.983905333/babylon.bucks.net"
Message-Id: <20010306190213.59B9747B9E@babylon.bucks.net>
Precedence: bulk
List-Help: <mailto:mailman-announce-request@python.org?subject=help>
List-Post: <mailto:mailman-announce@python.org>
List-Subscribe: <http://mail.python.org/mailman/listinfo/mailman-announce>,
<mailto:mailman-announce-request@python.org?subject=subscribe>
List-Id: Announce-only list for Mailman releases and news <mailman-announce.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/listinfo/mailman-announce>,
<mailto:mailman-announce-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/mailman-announce/>
From: MAILER-DAEMON@bucks.net (Mail Delivery System)
Sender: mailman-announce-owner@python.org
To: mailman-announce-admin@python.org
Subject: Undelivered Mail Returned to Sender
Date: Tue, 6 Mar 2001 19:02:13 +0000 (GMT)
X-Autogenerated: Mirror
X-Mirrored-by: <mailman-announce-admin@python.org>
X-BeenThere: mailman-announce@python.org
X-Mailman-Version: 2.0.2 (101270)
This is a MIME-encapsulated message.
--41A6B47B9D.983905333/babylon.bucks.net
Content-Description: Notification
Content-Type: text/plain
This is the BNS Postfix program at host babylon.bucks.net.
I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.
For further assistance, please contact <postmaster@bucks.net>
If you do so, please include this problem report. You can
delete your own text from the message returned below.
The BNS Postfix program
<bjelf@detectit.net>: host mail.btconnect.com[193.113.154.2] said: 554 No
Resent-From field given
--41A6B47B9D.983905333/babylon.bucks.net
Content-Description: Undelivered Message
Content-Type: message/rfc822
Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.7])
by babylon.bucks.net (BNS Postfix) with ESMTP id 41A6B47B9D
for <bjelf@SAFESTONE.COM>; Tue, 6 Mar 2001 19:02:11 +0000 (GMT)
Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.7])
by lists.securityfocus.com (Postfix) with ESMTP
id C8A0024C93F; Tue, 6 Mar 2001 10:05:17 -0700 (MST)
Received: from LISTS.SECURITYFOCUS.COM by LISTS.SECURITYFOCUS.COM
(LISTSERV-TCP/IP release 1.8d) with spool id 27825191 for
BUGTRAQ@LISTS.SECURITYFOCUS.COM; Tue, 6 Mar 2001 10:03:25 -0700
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Received: from firewall.osb.hu (unknown [193.224.234.1]) by
lists.securityfocus.com (Postfix) with ESMTP id 48CD624C646 for
<BUGTRAQ@LISTS.SECURITYFOCUS.COM>; Tue, 6 Mar 2001 00:49:55 -0700
(MST)
Received: from pimpa.intranet.osb.hu (IDENT:root@pimpa.intranet.osb.hu
[192.168.0.8]) by firewall.osb.hu (8.9.3/8.9.3/Debian 8.9.3-21) with
ESMTP id IAA11531 for <BUGTRAQ@LISTS.SECURITYFOCUS.COM>; Tue, 6 Mar
2001 08:53:08 +0100
Received: from localhost (sp@localhost) by pimpa.intranet.osb.hu (8.9.3/8.9.3)
with ESMTP id IAA05518 for <BUGTRAQ@LISTS.SECURITYFOCUS.COM>; Tue, 6
Mar 2001 08:53:08 +0100
X-Authentication-Warning: pimpa.intranet.osb.hu: sp owned process doing -bs
X-Received: from firewall.osb.hu (fw.intranet.osb.hu [192.168.0.1]) by
pimpa.intranet.osb.hu (8.9.3/8.9.3) with ESMTP id JAA18698 for
<sp@pimpa.intranet.osb.hu>; Sat, 3 Mar 2001 09:41:17 +0100
X-Received: from pax.intranet.osb.hu (IDENT:root@pax.intranet.osb.hu
[192.168.0.2]) by firewall.osb.hu (8.9.3/8.9.3/Debian 8.9.3-21)
with ESMTP id JAA24373 for <sp@pimpa.intranet.osb.hu>; Sat, 3 Mar
2001 09:41:17 +0100
X-Received: from firewall.osb.hu (fw.intranet.osb.hu [192.168.0.1]) by
pax.intranet.osb.hu (8.9.3/8.9.3) with ESMTP id JAA09389 for
<sp@osb.hu>; Sat, 3 Mar 2001 09:41:16 +0100
X-Received: from mail.python.org (mail.python.org [63.102.49.29]) by
firewall.osb.hu (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id
JAA24367 for <sp@osb.hu>; Sat, 3 Mar 2001 09:41:07 +0100
X-Received: from localhost.localdomain ([127.0.0.1] helo=mail.python.org) by
mail.python.org with esmtp (Exim 3.21 #1) id 14Z7OV-0000vs-00; Sat,
03 Mar 2001 03:28:03 -0500
X-Received: from [216.27.134.141] (helo=mail.wooz.org) by mail.python.org with
esmtp (Exim 3.21 #1) id 14Z7Nq-0000tq-00; Sat, 03 Mar 2001 03:27:22
-0500
X-Received: by mail.wooz.org (Postfix, from userid 889) id BE7B0D37AC; Sat, 3
Mar 2001 03:26:35 -0500 (EST)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: VM 6.84 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
X-Attribution: BAW
X-Oblique-Strategy: Subvert your original idea
X-Url: http://www.wooz.org/barry
Errors-To: mailman-announce-admin@python.org
X-BeenThere: mailman-announce@python.org
X-Mailman-Version: 2.0.2 (101270)
Precedence: bulk
List-Help: <mailto:mailman-announce-request@python.org?subject=help>
List-Post: <mailto:mailman-announce@python.org>
List-Subscribe: <http://mail.python.org/mailman/listinfo/mailman-announce>,
<mailto:mailman-announce-request@python.org?subject=subscribe>
List-Id: Announce-only list for Mailman releases and news
<mailman-announce.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/listinfo/mailman-announce>,
<mailto:mailman-announce-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/mailman-announce/>
X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/)
ReSent-Subject: [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy
patch)
Message-ID: <Pine.LNX.4.30.0103060853010.5499@pimpa.intranet.osb.hu>
Date: Tue, 6 Mar 2001 08:53:01 +0100
Reply-To: mailman-developers@python.org
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
Comments: RFC822 error: <W> CC field duplicated. Last occurrence was
retained.
Comments: Resent-From: Soos Peter <sp@osb.hu>
Comments: Originally-From: barry@digicool.com (Barry A. Warsaw)
From: Soos Peter <sp@OSB.HU>
Subject: [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy
patch)
X-cc: mailman-developers@python.org
To: BUGTRAQ@SECURITYFOCUS.COM
I've just uploaded the Mailman 2.0.2 release to SourceForge. This is
a bug fix release that also fixes a potential privacy hole, which
could allow a list administrator to get access to user passwords.
Even with those passwords, I believe there's little additional harm
that a list admin could do, but still they probably shouldn't have
access to those passwords.
There are a few other important fixes in this release, so I recommend
that all sites running Mailman 2.0 or 2.0.1 should upgrade.
As usual I'm releasing this as both a complete tarball and as a patch
against Mailman 2.0.1. If you grab the patchfile, you'll want to cd
into your 2.0 source, and apply it like so:
% patch -p1 < mailman-2.0.1-2.0.2.diff
Currently only http://mailman.sourceforge.net is updated, but the
list.org and gnu.org sites should be updated soon. The release
information on SF is at
http://sourceforge.net/project/shownotes.php?release_id=25955
My thanks to Thomas Wouters for his help!
Enjoy,
-Barry
P.S. I'm not sure if I'll have time to release a 2.1 alpha of the I18N
stuff before I leave for the Python9 conference. If we get the
expected foot of snow between Sunday and Monday, it's a
possibility. ;)
[From the NEWS file]
2.0.2 (03-Mar-2001)
Security fix:
- A fix for a potential privacy exploit where a clever list
administrator could gain access to user passwords. This doesn't
allow them to do much more harm to the user then they normally
could, but they still shouldn't have access to the passwords.
Bug fixes:
- In the admindb page, don't complain when approving a
subscription of someone who's already on the list (SF bug
#222409 - Thomas Wouters).
Also, quote for HTML the Subject: text printed for held
messages, otherwise messages with e.g. "Subject: </table>" could
royally screw page formatting.
- In Netscape.py bounce processor, don't bomb out on ill-formed
messages (no semi-colon separating parameters), otherwise mail
delivery could grind to a halt. Bug reported by Kambiz
Aghaiepour.
- Docstring fix bin/newlist to remove mention of "immediate"
argument (Thomas Wouters).
- Fix for bin/update when PREFIX != VAR_PREFIX (SF bug #229794 --
Thomas Wouters).
_______________________________________________
Mailman-announce mailing list
Mailman-announce@python.org
http://mail.python.org/mailman/listinfo/mailman-announce
--41A6B47B9D.983905333/babylon.bucks.net--