Re: [Mailman-Users] Re: Critical security update for Mailman 2.1.5

2005-02-10 Thread Tokio Kikuchi
AJ wrote: How can we test that the patch is working? Is there a way to cause the log message to be written to the mischief log? Just want to make sure the patch is working, any help would be great. Principally, add /../ in your browser's URL box after authenticating yourself for the private archi

Re: [Mailman-Users] Re: Critical security update for Mailman 2.1.5

2005-02-10 Thread AJ
How can we test that the patch is working? Is there a way to cause the log message to be written to the mischief log? Just want to make sure the patch is working, any help would be great. Thanks. On Feb 10, 2005, at 8:17 AM, [EMAIL PROTECTED] wrote: Am I correct in assuming the attack only allo

Re: [Mailman-Users] Re: [Mailman-Announce] Critical security update for Mailman 2.1.5 and earlier

2005-02-10 Thread Tokio Kikuchi
Hi, As I noticed, 2.0.x versions (at least 2.0.13) are vulnerable, too. (As the subject of the announcement also suggested.) Which unfortunately only works with Python 2. Python 1 (respective at least 1.5.2) complains about syntax errors. (Which, in fact, also helps against the vulnerability by

[Mailman-Users] CREN ListProc to Mailman conversion?

2005-02-10 Thread Dale Ghent
Before I start writing one of my own, I'm wondering if anyone here has tucked away unreleased in their home directory a script they made to convert the list configs under ListProc to Mailman-style configs? Any help or pointers would be appreciated. I have about 1600 ListProc lists I'm going to

[Mailman-Users] Re: www.python.org FAQ and Announce Only List

2005-02-10 Thread Brad Knowles
At 11:19 PM +0100 2005-02-10, Brad Knowles wrote: Apparently the problem is more severe than first thought. Some machines in the facility have power, some don't. It may take a while to sort everything out, but we do not yet know exactly how long. In the meanwhile, the web administrat

[Mailman-Users] Re: www.python.org FAQ and Announce Only List

2005-02-10 Thread Brad Knowles
At 11:10 PM +0100 2005-02-10, Brad Knowles wrote: I just found out that the facility where the machine is located is having a minor power problem, and they are working on restoring it as quickly as possible. However, I have not yet heard any estimated time to repair. Apparently the pro

[Mailman-Users] Re: www.python.org FAQ and Announce Only List

2005-02-10 Thread Brad Knowles
At 8:30 PM +0100 2005-02-10, Brad Knowles wrote: I just discovered a few minutes ago that the server appears to be down, and I have not been able to get in contact with Barry or anyone else to tell me what's going on with it. As soon as I have more information, I will post it here. I j

[Mailman-Users] welcome message

2005-02-10 Thread larry lunt
Hello I have mailman 2.1.5 One of my lists is moderated. Only a few people can post. When someone new is subscribed they receive an automatic welcome message. Within the text of that message is the list posting address. Since most are not allowed to post I'd like to remove this address from the

[Mailman-Users] Re: [Mailman-Announce] Critical security update for Mailman 2.1.5 and earlier

2005-02-10 Thread Axel Beckert
Hi! I already patched our servers yesterday after the mail on full-disclosure about it being hacked. (See http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html.) The patch mentioned there is without doing the syslog entry, but in general it does the same. I just want to shar

[Mailman-Users] Re: www.python.org FAQ and Announce Only List

2005-02-10 Thread Brad Knowles
At 2:17 PM -0500 2005-02-10, Brad Stockdale wrote: I'm in a bit of a predicament. I need to set up two Mailman lists today and they need to be announce-only. This in and of itself isn't a problem. I searched the archives and found a lot of references to an FAQ article that explains the procedu

Re: [Mailman-Users] error importing archive

2005-02-10 Thread Michael P. Soulier
On 09/02/05 Mark Sapiro did say: > The 313th article in the mbox file (starting with 0) has invalid base64 > encoding. Well, I couldn't find anything wrong with the article in question. So, I patched the code in Util.py to catch the exception and return the null string. Seems to have permitted th

[Mailman-Users] Re: www.python.org FAQ and Announce Only List

2005-02-10 Thread Brad Stockdale
Hello all, I'm in a bit of a predicament. I need to set up two Mailman lists today and they need to be announce-only. This in and of itself isn't a problem. I searched the archives and found a lot of references to an FAQ article that explains the procedure. Herein lay the problem -- I cannot se

[Mailman-Users] Some Posts not getting through - Troubleshooting tips?

2005-02-10 Thread Bruce Best (CRO)
I have recently installed mailman, and have currently set up a list with two subscribers to test it out. Mailman is set up and is working fine. However, one of the list members never gets any posts. There are no bounces, no indication that anything has gone wrong. Just no posts. The server/MTA (

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

2005-02-10 Thread Chuq Von Rospach
If you own a business, and your customers start telling your employees when to take coffee breaks, would that upset you? that's the same issue as when users decide when to make announcements about mailman without consulting Barry. It's Barry's call. A lot of this comes down to the issue of peop

Re: [Mailman-Users] Re: Critical security update for Mailman 2.1.5 and earlier

2005-02-10 Thread Thomas Waters
I'd like to issue a similar plea for assistance. I have Mailman 2.1.3 (default install on Panther Server) If a very basic set of instructions could be prepared, step 1, step 2, step 3.. it would be extremely helpful. On Feb 10, 2005, at 10:34 AM, John Swartzentruber wrote: On 2/10/2005 9:4

Re: [Mailman-Users] Re: Critical security update for Mailman 2.1.5

2005-02-10 Thread AJ
Patch seems ok on 2.1. Is there a way to test if it's working and we are protected? Maybe someone can respond offlist with a test URL of some kind that would trigger a log in the mischief log. Thanks. On Feb 10, 2005, at 8:17 AM, [EMAIL PROTECTED] wrote: Am I correct in assuming the attack onl

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

2005-02-10 Thread Kai Schaetzl
Brad Knowles wrote on Thu, 10 Feb 2005 02:32:18 +0100: > However, I also take Chuq's point that all security announcements > to this list, and all related mailman mailing lists hosted on > python.org, should be made by Barry or one of the other core > developers. > This was not a "security ann

Re: [Mailman-Users] SMTP_MAX_RCPT not working?

2005-02-10 Thread Kai Schaetzl
Mark Sapiro wrote on Wed, 9 Feb 2005 16:17:28 -0800: > Previously you wrote "So I set SMTP_MAX_RCPT = 5 in mm_cfg.py". I don't > know if SMTP_MAX_RCPT is a typo or if that is literally what you set, > but it could be the problem as the actual variable is SMTP_MAX_RCPTS. > Little mistake, great

Re: [Mailman-Users] Re: Critical security update for Mailman 2.1.5

2005-02-10 Thread Chuq Von Rospach
On Feb 10, 2005, at 8:17 AM, [EMAIL PROTECTED] wrote: Am I correct in assuming the attack only allows hackers to access (read) files? Yes, I understand that if they can read/get mailman passwords, they can obviously change lists but nothing more nefarious than that? they can not only get the pas

[Mailman-Users] Re: Critical security update for Mailman 2.1.5

2005-02-10 Thread dave
Am I correct in assuming the attack only allows hackers to access (read) files? Yes, I understand that if they can read/get mailman passwords, they can obviously change lists but nothing more nefarious than that? ie not change OS files or mailman sw? And would it be presumptuous of me to think th

[Mailman-Users] Re: Critical security update for Mailman 2.1.5 and earlier

2005-02-10 Thread John Swartzentruber
On 2/10/2005 11:03 AM [EMAIL PROTECTED] wrote: The pyc will only get remade when needed and since this only affects lists with archives, try going to some list of yours with an archive. Thank you (and to Dan Phillips who replied privately). When I accessed a private archive the .pyc file was remad

Re: [Mailman-Users] Re: Critical security update for Mailman 2.1.5 and earlier

2005-02-10 Thread dave
On Thu, 10 Feb 2005, John Swartzentruber wrote: On 2/10/2005 9:41 AM Barry Warsaw wrote: Until Mailman 2.1.6 is released, the longer term fix is to apply this patch: http://www.list.org/CAN-2005-0202.txt Could an expert please help out a non-expert? I applied this patch to /usr/lib/mailman/Mailma

Re: [Mailman-Users] Critical security update for Mailman 2.1.5 and earlier

2005-02-10 Thread John Dennis
To answer a few recent questions. To the best of my knowledge the patch is safe for any version of mailman that contains the function true_path in private.py. You will not see a new .pyc or .pyo file generated until the script is executed for the first time after the change. In other words until

Re: [Mailman-Users] Critical security update for Mailman 2.1.5 and earlier

2005-02-10 Thread AJ
OK, thanks. With no modifications it did not apply, but I can probably get it to work. It shouldn't cause any issues w/ 2.1 should it? Thanks. Quoting Ralf Hildebrandt <[EMAIL PROTECTED]>: * AJ <[EMAIL PROTECTED]>: Can this be applied to any 2.1 release? I am running 2.1 at the moment. The patch

[Mailman-Users] Re: Critical security update for Mailman 2.1.5 and earlier

2005-02-10 Thread John Swartzentruber
On 2/10/2005 9:41 AM Barry Warsaw wrote: Until Mailman 2.1.6 is released, the longer term fix is to apply this patch: http://www.list.org/CAN-2005-0202.txt Could an expert please help out a non-expert? I applied this patch to /usr/lib/mailman/Mailman/Cgi, and the private.py file was correctly pa

Re: [Mailman-Users] Critical security update for Mailman 2.1.5 and earlier

2005-02-10 Thread Ralf Hildebrandt
* AJ <[EMAIL PROTECTED]>: > Can this be applied to any 2.1 release? > I am running 2.1 at the moment. The patch is very small, so I'd think yes. -- Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED] Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155 Gemeins

Re: [Mailman-Users] Critical security update for Mailman 2.1.5 and earlier

2005-02-10 Thread AJ
Can this be applied to any 2.1 release? I am running 2.1 at the moment. Thanks. > Until Mailman 2.1.6 is released, the longer term fix is to apply this > patch: > > http://www.list.org/CAN-2005-0202.txt -- Mailman-Users mailing list Mailm

[Mailman-Users] Critical security update for Mailman 2.1.5 and earlier

2005-02-10 Thread Barry Warsaw
There is a critical security flaw in Mailman 2.1.5 and earlier Mailman 2.1 versions which can allow remote attackers to gain access to member passwords under certain conditions. The extent of the vulnerability depends on what version of Apache you are running, and (possibly) how you have configure

[Mailman-Users] sending mail in attachment on "help" listname-request

2005-02-10 Thread Sythos
Hi all, is there a way to send a file (a zipped miniguide) when a subscribed ml's user asks "help" (or something else) at [EMAIL PROTECTED] Regards, Sythos -- Sythos - http://www.sythos.net () ASCII Ribbon Campaign - against html/rtf/vCard in mail /\- agains

[Mailman-Users] How to send html emails

2005-02-10 Thread Ezra Taylor
Hello All: How do I send html emails? Thank You Ezra Taylor -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Search

Re: [Mailman-Users] emergency moderation (v 2.1.5)

2005-02-10 Thread David W Smith
Hi Brad, Thanks for your reply. The 'admin_immed_notify' option is turned on for my lists and I went through the troubleshooting recommendations (following which I didn't need to make any adjustments to my mailman configuration). Interestingly this morning at 8 I received notification of posting