Hi folks,
I am not yet absolutely sure about what has happened exactly. But at the moment all looks like somebody was able to unsubscribe a list's member without knowing this member's password. My web logs show access POST /mailman/subscribe/mylist-l POST [EMAIL PROTECTED] and immediately afterwards Mailman unsubscribed [EMAIL PROTECTED] Because I know the person behind [EMAIL PROTECTED] personally, I have to consider this whole thing as a fraud. I have also checked the password of [EMAIL PROTECTED], that was "uxgovo" which I consider unguessable :/ Have I missed a security fix? I am using MM 2.0.6, Python 2.0 and Apache 1.3.19. I know that 2.0.6 is too old but I did not know that it was vulnerable to such a nasty thing. Is it? TIA, -- Andreas ------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
