FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mailman -- password disclosure

Affected packages
ja-mailman < 2.1.5
mailman < 2.1.5

Details

VuXML ID ad9d2518-3471-4737-b60b-9a1f51023b28
Discovery 2004-05-15
Entry 2005-06-01

Barry Warsaw reports:

Today I am releasing Mailman 2.1.5, a bug fix release [...] This version also contains a fix for an exploit that could allow 3rd parties to retrieve member passwords. It is thus highly recommended that all existing sites upgrade to the latest version.

References

CVE Name CVE-2004-0412
Message http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html