Back to bug 745409
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jan Kaluža | 2011-10-12 09:50:49 UTC | Status | NEW | ASSIGNED |
| Jan Kaluža | 2011-10-12 09:51:35 UTC | Blocks | 745411 | |
| Ondrej Vasik | 2012-07-10 10:31:28 UTC | CC | ovasik | |
| Ales Zelinka | 2012-07-27 11:42:54 UTC | CC | azelinka | |
| Ales Zelinka | 2014-02-28 14:56:04 UTC | CC | azelinka | |
| Petr Sklenar | 2014-04-03 12:51:02 UTC | CC | psklenar | |
| Jan Kaluža | 2015-01-30 08:18:04 UTC | Status | ASSIGNED | MODIFIED |
| Fixed In Version | mailman-2.1.12-20.el6 | |||
| errata-xmlrpc | 2015-02-03 13:15:56 UTC | Status | MODIFIED | ON_QA |
| Jan Kaluža | 2015-03-16 09:34:14 UTC | Status | ON_QA | MODIFIED |
| errata-xmlrpc | 2015-03-16 09:35:03 UTC | Status | MODIFIED | ON_QA |
| Alois Mahdal | 2015-04-15 19:33:40 UTC | CC | amahdal | |
| QA Contact | qe-baseos-daemons | amahdal | ||
| Alois Mahdal | 2015-05-12 20:07:11 UTC | Status | ON_QA | VERIFIED |
| Jan Kaluža | 2015-05-18 06:51:38 UTC | Doc Text | Cause: When the Mailman is set to not archive a list but the archive is not set to the private, the attachments sent to that list will be placed in a public archive. httpd configuration of public archive directory allows listing all files in the archive directory. Consequence: User of mailman web-interface can list the private attachments. Fix: The httpd configuration of mailman has been altered to now allow listing of private archive directory. Result: User of mailman web-interface cannot list the private attachments now. |
|
| Jan Kaluža | 2015-05-18 10:05:21 UTC | Doc Text | Cause: When the Mailman is set to not archive a list but the archive is not set to the private, the attachments sent to that list will be placed in a public archive. httpd configuration of public archive directory allows listing all files in the archive directory. Consequence: User of mailman web-interface can list the private attachments. Fix: The httpd configuration of mailman has been altered to now allow listing of private archive directory. Result: User of mailman web-interface cannot list the private attachments now. | Cause: When the Mailman is set to not archive a list but the archive is not set to the private, the attachments sent to that list will be placed in a public archive. httpd configuration of public archive directory allows listing all files in the archive directory. Consequence: User of mailman web-interface can list the private attachments. Fix: The httpd configuration of mailman has been altered to not allow listing of private archive directory. Result: User of mailman web-interface cannot list the private attachments now. |
| Lenka Špačková | 2015-06-17 07:58:48 UTC | Doc Text | Cause: When the Mailman is set to not archive a list but the archive is not set to the private, the attachments sent to that list will be placed in a public archive. httpd configuration of public archive directory allows listing all files in the archive directory. Consequence: User of mailman web-interface can list the private attachments. Fix: The httpd configuration of mailman has been altered to not allow listing of private archive directory. Result: User of mailman web-interface cannot list the private attachments now. | When Mailman was set to not archive a list but the archive was not set to private, attachments sent to that list were placed in a public archive. Consequently, users of Mailman web interface could list private attachments because httpd configuration of public archive directory allows listing all files in the archive directory. The httpd configuration of Mailman has been fixed to not allow listing of private archive directory, and users of Mailman web interface are no longer able to list private attachments. |
| errata-xmlrpc | 2015-07-20 13:26:47 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2015-07-22 07:41:38 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2015-07-22 03:41:38 UTC |
Back to bug 745409