On 10/06/2014 08:24 AM, argyb...@openmailbox.org wrote: > > Has there been an official word as to whether Mailman has been affected > by the recent bash bugs, aka shellshock > > Mailman is listed here https://github.com/mubix/shellshocker-pocs and I > wonder what developers think?
Mailman's CGIs (Mailman 2.1.x at least) do not invoke bash or any shell. The CGI wrappers use the C execve function to call python directly to run python scripts. The Web UI in Mailman 3 is totally different and uses Django. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
