Forum: >>> Magnum BBS <<<

Dark
Log in

Username Password

Bug#260508: sympa: Reported to the security team?

From Kjetil Kjernsmo@1:229/2 to All on Thu Aug 12 19:20:04 2004

From: [email protected]

Package: sympa
Severity: grave
Tags: security, fixed-upstream
Followup-For: Bug #260508

I was wondering if this problem has been reported to the security team? Shouldn't it?

I assume that the problem that is referred to is this:
"Listmaster approval could be bypassed to create a list. This
vulnerability affects all 2.x, 3.x and 4.x Sympa versions."

This means that all sympa packages in Debian are vulnerable, and I guess
it is appropriate to mark this bug accordingly. I'm not experienced
enought with the BTS to know if setting the pseudo-headers will do the
trick, but it is worth a shot.

-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-ruby.2004-07-25.owl.1.oss
Locale: LANG=C, LC_CTYPE=C

--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

From Stefan Hornburg@1:229/2 to Kjetil Kjernsmo on Fri Aug 13 13:30:11 2004

From: [email protected]

On Thu, 12 Aug 2004 18:54:17 +0200
Kjetil Kjernsmo <[email protected]> wrote:

Package: sympa
Severity: grave
Tags: security, fixed-upstream
Followup-For: Bug #260508

I was wondering if this problem has been reported to the security team? Shouldn't it?

I assume that the problem that is referred to is this:
"Listmaster approval could be bypassed to create a list. This
vulnerability affects all 2.x, 3.x and 4.x Sympa versions."

This means that all sympa packages in Debian are vulnerable, and I guess
it is appropriate to mark this bug accordingly. I'm not experienced
enought with the BTS to know if setting the pseudo-headers will do the
trick, but it is worth a shot.

Sounds reasonable, I'll address the problem ASAP.

Thanks
Racke

--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team

--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Tue Jun 9 11:18:15 2026
  from Sydney, Nsw via Telnet
- Bob Worm
  Tue Jun 9 10:31:07 2026
  from Wales, Uk via Telnet
- Centurion
  Mon Jun 8 23:30:43 2026
  from Berea, Ohio via Telnet
- Centurion
  Mon Jun 8 21:33:11 2026
  from Berea, Ohio via Telnet
- Bob Worm
  Mon Jun 8 20:15:00 2026
  from Wales, Uk via Telnet
- Bob Worm
  Mon Jun 8 16:33:22 2026
  from Wales, Uk via Telnet
- Bob Worm
  Mon Jun 8 14:11:46 2026
  from Wales, Uk via Telnet
- Krenn
  Mon Jun 8 11:22:02 2026
  from Sydney, Nsw via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (3 / 13)
Uptime:	43:09:41
Calls:	12,111
Calls today:	2
Files:	15,008
Messages:	6,518,439