On Wed, 2005-02-09 at 14:41 -0500, R P Herrold wrote:
Sorry for the cross post, but this is an important one potentially affecting all recipients.
This just crossed the Full Disclosure mailman moderated mailing list. It bears a careful read, and thought about whether a response is needed.
The implication is that if there is any use of a mailman password in common with a password you 'care' about, you need to take appropriate action at once. Also some backends merge Bugzilla and mailman password stores, which can cause unexpected secondary effects.
I have not seen a patch yet, and so one has to assume that the configs and passwords for all mailman moderated mailing lists are compromised. Once a fix issues, Mailman moderators will want to do a global password change, and local list modification.
The patch to mailman came out weeks ago, unless this is a new password exposure bug.
-sv