e97d74c80a
which_access open -> closed who_access open -> closed max_which_hits 0 -> 1 Those would allow a spammer to harvest all subscriber addresses if not changed by the list admin. Reported on http://online.securityfocus.com/archive/1/310113/2003-02-03/2003-02-09/0 Don't restrict the which arguments as the article suggests, though, because with which_access list and max_which_hits 1, there's no reason to destroy a useful command. |
||
|---|---|---|
| .. | ||
| patch-approve | ||
| patch-archive2_pl | ||
| patch-archive_mh_pl | ||
| patch-bounce | ||
| patch-bounce-remind | ||
| patch-config_parse_pl | ||
| patch-config-test | ||
| patch-digest | ||
| patch-majordomo | ||
| patch-Makefile | ||
| patch-medit | ||
| patch-new-list | ||
| patch-request-answer | ||
| patch-resend | ||
| patch-sample_cf | ||
| patch-sequencer | ||
| patch-wrapper_c | ||