Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp539166pxb; Mon, 25 Oct 2021 13:19:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyfgu563G87KGe9zl3HixXXpVIiIUomWCNAo9bgJVL3qNqWiMJUJ9emcQEG++PRJBvJ95pv X-Received: by 2002:aa7:8d09:0:b0:44b:fd25:dd8a with SMTP id j9-20020aa78d09000000b0044bfd25dd8amr21432399pfe.41.1635193156269; Mon, 25 Oct 2021 13:19:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635193156; cv=none; d=google.com; s=arc-20160816; b=myKgQgkWxdAgd93doKDzOx3It7DgU/4zafAV/okhUXY0ysg7+9V4BNNJ3zwGZppyS6 Doos2xDyTUQ3c6BQJ94SXRBG9BBJqdyvsJO/ctWZhDnFTct5rX43CmxtaXyU8R0PeAVr 7WlmJtxd9mT70+WZOEqCULz9DDcyfbydRsqc8zFzQ38lgwOvQEvNQ5OG0VZPHII5zKAi ELjuEDZmfV/OchYcF0n8ZmwOUDaohdmbLMcTghUGNjj9w4yxJ2XoppKW9jD50OMlhxr1 6SQxs6hy2owrSHd8CkrWXeOz2FfaHr9+88cw19IzqfP6Xc2/pflRB5HVU0jX3wt7k2Zq GNSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=/wcdlkpultptyteCFR+azF3+dEscqOT8YqwdivQDRJ4=; b=rj9JM5BSkxMTDUE/h4nxhuFYwGCoct/vYZmBFnIxjVylkkqbgUjwOUmKM5zihVu1Ir vfXqImgO41K9lQTfqZykSxYzed6H5VfSoS/Ml8/2MkO42Q2DgxbXT9q2Ep4VXJqdGd2s 0EtOO0CEEdci7Tvil+u//1gIhQxCZphS9UdTeDzbwuW2Q/WMCVO/Yc5oDsZOUfmWvWON MEcNtHmKOT2aC0Dto/rFcORc/oVmvqK5udnRfLoZxwzkyFzk6Gl0QPGutlN+S1xpms7m AmRaA+XvZG+m2xoCqYB4Nwzd9+K9hgxCFCX+QQAWWhZti1KeY/S0KwEDY52qzxpoddy0 h/kA== ARC-Authentication-Results: i=1; mx.google.com; dkim=temperror (no key for signature) header.i=@sladewatkins.com header.s=google header.b=WOg3hWet; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b2si3506853pjw.42.2021.10.25.13.19.00; Mon, 25 Oct 2021 13:19:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@sladewatkins.com header.s=google header.b=WOg3hWet; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236961AbhJYUSH (ORCPT + 99 others); Mon, 25 Oct 2021 16:18:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34560 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237122AbhJYUSA (ORCPT ); Mon, 25 Oct 2021 16:18:00 -0400 Received: from mail-il1-x12c.google.com (mail-il1-x12c.google.com [IPv6:2607:f8b0:4864:20::12c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C99BBC09155F for ; Mon, 25 Oct 2021 12:47:18 -0700 (PDT) Received: by mail-il1-x12c.google.com with SMTP id s3so14382672ild.0 for ; Mon, 25 Oct 2021 12:47:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sladewatkins.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/wcdlkpultptyteCFR+azF3+dEscqOT8YqwdivQDRJ4=; b=WOg3hWet6YZkVq6GSv3z63fZDFBEptrPL+UpCIh63sh6kUI/HAddduoMIKnVE/p17T O8ibikaFJ7OOukwbRPeE7BTtZ6OCtYolMDHsI99qEd1OYxowCOi1uZGKKQ/rOChiWtOr 6/5JC6mR4W4uvOtL6fTQcJC3lHa9iuWEXDVaeyfczNwMzxl8wNvBZQtMYa1GIiGX6+Dn CUdPaAP1XrqKM0eYhGq4KDLZE1wa+1CXHXXmwZJeWAYjOHxJIREU2Zb9qL2YdBTqMCgZ RBaucdxT2M9JLLHUREEhH7lx0/VYQn4Vq6xSGLH/7XV1vpsSIegANnTk7lAKUxcFgrj7 zgTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/wcdlkpultptyteCFR+azF3+dEscqOT8YqwdivQDRJ4=; b=6xfKAJwXrpK9ImsQHpF2fv2nU/E208bGJ4lgHfpMwWXr2IA2nn6BERQCtLUveP0+LR FWbbTh39ntM6NJewg/hoC79EMO7v2tbzquf8JIBAlakvc+cVHp50P7t5BBwy7c2xPJOg 4n2kooQW+rDAZL3L+FNdAQjtQHlbeAqRKZWGn5VI4j3KV7DsLnuQOqpEBYylfmFQFEgS SlxcWpPkK1jxYtLJWvk95vdyJp1S8c6R6ZX4PrklxWttDKHXYShY/0xwFw2o7Q23i7gd qnILa5sDTuyKY1nysPROg6kZme0hjxC1wbivQM7dn8kZqyVynkfbQ34IvKc0pyg/KPEt Eh/A== X-Gm-Message-State: AOAM5316eX4amsefwhXmp4mMfEghPB+GM0HA2W4MY1+80Z/2ObS4ODne mdIVhW1wKFgiu2LHL641L7iI0lvw89Q3f3q9DKulZA== X-Received: by 2002:a05:6e02:1112:: with SMTP id u18mr10457911ilk.206.1635191238217; Mon, 25 Oct 2021 12:47:18 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Slade Watkins Date: Mon, 25 Oct 2021 15:47:07 -0400 Message-ID: Subject: Re: Unsubscription Incident To: Metztli Information Technology Cc: Benjamin Poirier , Vladimir Oltean , Lijun Pan , Linux Kernel Mailing List , Networking , Alan Coopersmith , Shannon Nelson Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi there, On Mon, Oct 25, 2021 at 2:08 PM Metztli Information Technology wrote: > > > On 10/25/21 10:04 AM, Slade Watkins wrote: > > On Mon, Oct 25, 2021 at 12:43 AM Benjamin Poirier > > wrote: > >> On 2021-10-22 18:54 +0300, Vladimir Oltean wrote: > >>> On Fri, 22 Oct 2021 at 18:53, Lijun Pan wrote: > >>>> Hi, > >>>> > >>>> From Oct 11, I did not receive any emails from both linux-kernel and > >>>> netdev mailing list. Did anyone encounter the same issue? I subscribed > >>>> again and I can receive incoming emails now. However, I figured out > >>>> that anyone can unsubscribe your email without authentication. Maybe > >>>> it is just a one-time issue that someone accidentally unsubscribed my > >>>> email. But I would recommend that our admin can add one more > >>>> authentication step before unsubscription to make the process more > >>>> secure. > >>>> > >>>> Thanks, > >>>> Lijun > >>> Yes, the exact same thing happened to me. I got unsubscribed from all > >>> vger mailing lists. > >> It happened to a bunch of people on gmail: > >> https://lore.kernel.org/netdev/1fd8d0ac-ba8a-4836-59ab-0ed3b0321775@mojatatu.com/t/#u > > I can at least confirm that this didn't happen to me on my hosted > > Gmail through Google Workspace. Could be wrong, but it seems isolated > > to normal @gmail.com accounts. > > > > Best, > > -slade > > Niltze [Hello], all- > > Could it have something to do with the following? > > ---------- Forwarded message --------- > > From: Alan Coopersmith > Date: Thu, Oct 21, 2021 at 12:06 PM > Subject: [oss-security] Mailman 2.1.35 security release > To: > > > Quoting from Mark Sapiro's emails at: > https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/ > > > A couple of vulnerabilities have recently been reported. Thanks to Andre > > Protas, Richard Cloke and Andy Nuttall of Apple for reporting these and > > helping with the development of a fix. > > > > CVE-2021-42096 could allow a list member to discover the list admin > > password. > > > > CVE-2021-42097 could allow a list member to create a successful CSRF > > attack against another list member enabling takeover of the members > account. > > > > These attacks can't be carried out by non-members so may not be of > > concern for sites with only trusted list members. Maybe? Are the kernel lists hosted through mailman or something based on it that would be affected by these CVEs? It has been so long since I last looked into it that I genuinely do not remember. > > > > I am pleased to announce the release of Mailman 2.1.35. > > > > This is a security and minor bug fix release. See the attached > > README.txt for details. For those who just want a patch for the security > > issues, see > > https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873. > > The patch is also attached to the bug reports at > > https://bugs.launchpad.net/mailman/+bug/1947639 and > > https://bugs.launchpad.net/mailman/+bug/1947640. The patch is the same > > on both and fixes both issues. > > > > As noted Mailman 2.1.30 was the last feature release of the Mailman 2.1 > > branch from the GNU Mailman project. There has been some discussion as > > to what this means. It means there will be no more releases from the GNU > > Mailman project containing any new features. There may be future patch > > releases to address the following: > > > > i18n updates. > > security issues. > > bugs affecting operation for which no satisfactory workaround exists. > > > > Mailman 2.1.35 is the fifth such patch release. > > > > Mailman is free software for managing email mailing lists and > > e-newsletters. Mailman is used for all the python.org and > > SourceForge.net mailing lists, as well as at hundreds of other sites. > > > > For more information, please see our web site at one of: > > > > http://www.list.org > > https://www.gnu.org/software/mailman > > http://mailman.sourceforge.net/ > > > > Mailman 2.1.35 can be downloaded from > > > > https://launchpad.net/mailman/2.1/ > > https://ftp.gnu.org/gnu/mailman/ > > https://sourceforge.net/projects/mailman/ > > > -- > > -Alan Coopersmith- alan.coopersmith@oracle.com > > Oracle Solaris Engineering - https://blogs.oracle.com/alanc > > > Best Professional Regards. > > -- > Jose R R > http://metztli.it > --------------------------------------------------------------------------------------------- > Download Metztli Reiser4: Debian Bullseye w/ Linux 5.13.14 AMD64 > --------------------------------------------------------------------------------------------- > feats ZSTD compression https://sf.net/projects/metztli-reiser4/ > --------------------------------------------------------------------------------------------- > or SFRN 5.1.3, Metztli Reiser5 https://sf.net/projects/debian-reiser4/ > ------------------------------------------------------------------------------------------- > Official current Reiser4 resources: https://reiser4.wiki.kernel.org/ Thanks, -slade