On Wed, 2005-02-09 at 14:41 -0500, R P Herrold wrote: > Sorry for the cross post, but this is an important one > potentially affecting all recipients. > > This just crossed the Full Disclosure mailman moderated > mailing list. It bears a careful read, and thought about > whether a response is needed. > > The implication is that if there is any use of a mailman > password in common with a password you 'care' about, you need > to take appropriate action at once. Also some backends merge > Bugzilla and mailman password stores, which can cause > unexpected secondary effects. > > I have not seen a patch yet, and so one has to assume that the > configs and passwords for all mailman moderated mailing lists > are compromised. Once a fix issues, Mailman moderators will > want to do a global password change, and local list > modification. > the patch to mailman came out weeks ago unless this is a new password exposure bug. -sv