Bug 745409

| Field | Value |
|---|---|
| Summary | default httpd config for Mailman offers directory listings for lists with disabled but public archives |
| Product | Red Hat Enterprise Linux 6 |
| Component | mailman |
| Version | 6.3 |
| Hardware | x86_64 |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | unspecified |
| Reporter | Jan Kaluža <jkaluza> |
| Assignee | Jan Kaluža <jkaluza> |
| QA Contact | Alois Mahdal <amahdal> |
| CC | amahdal, ovasik, psklenar, ulrik.haugen |
| Target Milestone | rc |
| Fixed In Version | mailman-2.1.12-20.el6 |
| Doc Type | Bug Fix |
| Clone Of | 745012 |
| | 745411 |
| Bug Depends On | 745012 |
| Bug Blocks | 745411 |
| Last Closed | 2015-07-22 07:41:38 UTC |

Doc Text:

When Mailman was set to not archive a list but the archive was not set to private, attachments sent to that list were placed in a public archive. Consequently, users of the Mailman web interface could list private attachments because the httpd configuration of the public archive directory allowed listing all files in the archive directory. The httpd configuration of Mailman has been fixed to not allow listing of the private archive directory, and users of the Mailman web interface are no longer able to list private attachments.

Description
Jan Kaluža
2011-10-12 09:50:19 UTC
Note that the test case we'll be using slightly differs from the OP:

1. Create test list,
2. send mail with *binary* attachment to the list,
3. set `archive = 0` and `archive_private = 0` for the list,
4. and check http://site.example.com/pipermail/listname/attachments/,

while OP sends the mail *after* changing the settings, which in our settings resulted in empty archive in both cases (before and after fix).

Verified on x86_64, and scheduled tests for the rest of architectures.

Verified on all architectures now. (TJ#954912, TJ#954913)

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1417.html
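
An added example, not part of the bug report or of the Mailman package: a small audit that reports which `<Directory>` blocks in an httpd configuration leave directory listings (`Options Indexes`) enabled, which is the condition the Doc Text describes for the public archive directory. The two sample configurations, their paths, and the rule that listings are off unless a block enables them are assumptions made for illustration; the actual change shipped in the errata is not shown on this page.

```python
import re

# Constructed samples: the paths and directives are assumptions for
# illustration, not the shipped mailman.conf or the actual errata change.
BEFORE = """
Alias /pipermail/ /var/lib/mailman/archives/public/
<Directory /var/lib/mailman/archives/public>
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
</Directory>
"""
AFTER = BEFORE.replace("Options Indexes MultiViews", "Options MultiViews")

BLOCK = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.S | re.I)


def apply_options(enabled, args):
    """Apply one Options line to the inherited Indexes state."""
    unsigned = [a.lower() for a in args if a[0] not in "+-"]
    if unsigned:  # unsigned keywords replace the inherited option set
        enabled = "indexes" in unsigned or "all" in unsigned
    for a in args:
        if a.lower() in ("+indexes", "-indexes"):
            enabled = a[0] == "+"
    return enabled


def listable_dirs(conf):
    """Return <Directory> paths where autoindex listings are enabled."""
    state = {}
    # Shorter paths first, so a parent is resolved before its children.
    for path, body in sorted(BLOCK.findall(conf), key=lambda b: len(b[0])):
        path = path.rstrip("/")
        known = [p for p in state if (path + "/").startswith(p + "/")]
        # Assumption: listings are off unless some block turns them on.
        enabled = state[max(known, key=len)] if known else False
        for line in body.splitlines():
            words = line.split()
            if words and words[0].lower() == "options":
                enabled = apply_options(enabled, words[1:])
        state[path] = enabled
    return sorted(p for p, on in state.items() if on)


if __name__ == "__main__":
    print("before:", listable_dirs(BEFORE))
    print("after: ", listable_dirs(AFTER))
```

The check covers static configuration only; the HTTP request in step 4 of the test case above remains the way to confirm what the running server actually serves.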