Message-ID: <c00f22d2-6566-8911-b56b-142f6fe42b8c@metztli.com>
Date: Mon, 25 Oct 2021 11:08:16 -0700
From: Metztli Information Technology <jose.r.r@...ztli.com>
To: Slade Watkins <slade@...dewatkins.com>,
Benjamin Poirier <benjamin.poirier@...il.com>
Cc: Vladimir Oltean <olteanv@...il.com>,
Lijun Pan <lijunp213@...il.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Networking <netdev@...r.kernel.org>,
Alan Coopersmith <alan.coopersmith@...cle.com>
Subject: Re: Unsubscription Incident
On 10/25/21 10:04 AM, Slade Watkins wrote:
> On Mon, Oct 25, 2021 at 12:43 AM Benjamin Poirier
> <benjamin.poirier@...il.com> wrote:
>> On 2021-10-22 18:54 +0300, Vladimir Oltean wrote:
>>> On Fri, 22 Oct 2021 at 18:53, Lijun Pan <lijunp213@...il.com> wrote:
>>>> Hi,
>>>>
>>>> From Oct 11, I did not receive any emails from both linux-kernel and
>>>> netdev mailing list. Did anyone encounter the same issue? I subscribed
>>>> again and I can receive incoming emails now. However, I figured out
>>>> that anyone can unsubscribe your email without authentication. Maybe
>>>> it is just a one-time issue that someone accidentally unsubscribed my
>>>> email. But I would recommend that our admin can add one more
>>>> authentication step before unsubscription to make the process more
>>>> secure.
>>>>
>>>> Thanks,
>>>> Lijun
>>> Yes, the exact same thing happened to me. I got unsubscribed from all
>>> vger mailing lists.
>> It happened to a bunch of people on gmail:
>> https://lore.kernel.org/netdev/1fd8d0ac-ba8a-4836-59ab-0ed3b0321775@mojatatu.com/t/#u
> I can at least confirm that this didn't happen to me on my hosted
> Gmail through Google Workspace. Could be wrong, but it seems isolated
> to normal @gmail.com accounts.
>
> Best,
> -slade
Niltze [Hello], all-
Could it have something to do with the following?
---------- Forwarded message ---------
From: Alan Coopersmith <alan.coopersmith@...cle.com>
Date: Thu, Oct 21, 2021 at 12:06 PM
Subject: [oss-security] Mailman 2.1.35 security release
To: <oss-security@...ts.openwall.com>
Quoting from Mark Sapiro's emails at:
https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/
> A couple of vulnerabilities have recently been reported. Thanks to Andre
> Protas, Richard Cloke and Andy Nuttall of Apple for reporting these and
> helping with the development of a fix.
>
> CVE-2021-42096 could allow a list member to discover the list admin
> password.
>
> CVE-2021-42097 could allow a list member to create a successful CSRF
> attack against another list member enabling takeover of the members
> account.
>
> These attacks can't be carried out by non-members so may not be of
> concern for sites with only trusted list members.
>
> I am pleased to announce the release of Mailman 2.1.35.
>
> This is a security and minor bug fix release. See the attached
> README.txt for details. For those who just want a patch for the security
> issues, see
> https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873.
> The patch is also attached to the bug reports at
> https://bugs.launchpad.net/mailman/+bug/1947639 and
> https://bugs.launchpad.net/mailman/+bug/1947640. The patch is the same
> on both and fixes both issues.
>
> As noted Mailman 2.1.30 was the last feature release of the Mailman 2.1
> branch from the GNU Mailman project. There has been some discussion as
> to what this means. It means there will be no more releases from the GNU
> Mailman project containing any new features. There may be future patch
> releases to address the following:
>
> i18n updates.
> security issues.
> bugs affecting operation for which no satisfactory workaround exists.
>
> Mailman 2.1.35 is the fifth such patch release.
>
> Mailman is free software for managing email mailing lists and
> e-newsletters. Mailman is used for all the python.org and
> SourceForge.net mailing lists, as well as at hundreds of other sites.
>
> For more information, please see our web site at one of:
>
> http://www.list.org
> https://www.gnu.org/software/mailman
> http://mailman.sourceforge.net/
>
> Mailman 2.1.35 can be downloaded from
>
> https://launchpad.net/mailman/2.1/
> https://ftp.gnu.org/gnu/mailman/
> https://sourceforge.net/projects/mailman/
> --
> -Alan Coopersmith- alan.coopersmith@...cle.com
> Oracle Solaris Engineering - https://blogs.oracle.com/alanc
Best Professional Regards.
--
Jose R R
http://metztli.it
---------------------------------------------------------------------------------------------
Download Metztli Reiser4: Debian Bullseye w/ Linux 5.13.14 AMD64
---------------------------------------------------------------------------------------------
feats ZSTD compression https://sf.net/projects/metztli-reiser4/
---------------------------------------------------------------------------------------------
or SFRN 5.1.3, Metztli Reiser5 https://sf.net/projects/debian-reiser4/
-------------------------------------------------------------------------------------------
Official current Reiser4 resources: https://reiser4.wiki.kernel.org/