Re: [Mailman-Users] Edit options security flaw

2004-12-13 Thread Mark Sapiro
Tokio Kikuchi wrote: >Marius Amado Alves wrote: > >> Sometimes version 2.1.5 lets a user A edit the options of another user B >> as follows. >> >> User A consults the member list (using his name and password normally). >> Here A picks an email address of user B. User A returns to the main >> p

[Mailman-Users] Edit options security flaw

2004-12-13 Thread Marius Amado Alves
I don't want to sign up with SourceForge so here's a bug report right here. Sometimes version 2.1.5 lets a user A edit the options of another user B as follows. User A consults the member list (using his name and password normally). Here A picks an email address of user B. User A returns to the

Re: [Mailman-Users] Edit options security flaw

2004-12-13 Thread Tokio Kikuchi
Marius Amado Alves wrote: Sometimes version 2.1.5 lets a user A edit the options of another user B as follows. User A consults the member list (using his name and password normally). Here A picks an email address of user B. User A returns to the main page, enters address of B in the Edit option

Re: [Mailman-Users] Edit options security flaw

2004-12-13 Thread Marius Amado Alves
What is the browser you are using? Netscape 7.1 -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archiv

Re: [Mailman-Users] Edit options security flaw

2004-12-13 Thread Kevin W. Gagel
Marius, What is the browser you are using? - Original Message Follows - From: Marius Amado Alves <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [Mailman-Users] Edit options security flaw Date: Mon, 13 Dec 2004 23:20:55 + > I don't want to sign up with SourceForge s

Re: [Mailman-Users] Edit options security flaw

2004-12-13 Thread Marius Amado Alves
Mark Sapiro wrote: Tokio Kikuchi wrote: Marius Amado Alves wrote: Sometimes version 2.1.5 lets a user A edit the options of another user B as follows. User A consults the member list (using his name and password normally). Here A picks an email address of user B. User A returns to the main p