Membership information leak through options page
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Fix Committed
|
Medium
|
Mark Sapiro |
Bug Description
Using mailman 2.1.39 with the recent fixes for bug 1961762 applied on top. [1] [2]
A user has noticed the following behavior on our list with private_roster = 1 (List members): [3]
=======
When using the Remind button:
"If you are a list member, your password has been emailed to you." is only displayed when the entered email is on the list.
The same thing happens with the Unsubscribe button, "If you are a list member, a confirmation email has been sent." is only displayed when the entered email is on the list.
=======
[1] https:/
[2] https:/
[3] https:/
Related branches
Changed in mailman: | |
importance: | Undecided → Medium |
milestone: | none → 2.1.40 |
status: | New → Confirmed |
Changed in mailman: | |
assignee: | nobody → Mark Sapiro (msapiro) |
status: | Confirmed → Fix Committed |