[sympa-users] security-related bug: unprivileged user switched to different account
  • From: Robert McNicholas <address@concealed>
  • To: address@concealed
  • Subject: [sympa-users] security-related bug: unprivileged user switched to different account
  • Date: Tue, 26 Jun 2018 11:01:01 -0700

I just had a weird bug reported, which I might not have believed if I had not been sent some screenshots. This is on Sympa 6.2.14 running on Red Hat 7.5.

A list manager, call him "scott", wrote me:

what just happened:
0) joey xxx (faculty) went in to muck w/some mailing list settings.
1) upon finding this out, i immediately went to the sympa page for that list (xxx-announce)
2) i checked the settings, then moderated a message (reject, was a double-send)
3) i noticed that the email notification about the rejection came from joey, not myself
4) confused, i double-checked the sympa web interface and discovered that i was logged in as joey!

He sent a screenshot showing that the logged-in user shown in the top-right of the page was "joey" instead of "scott".

scott is a privileged list owner, but not a listmaster, so he should not be able to impersonate another user.

Has anyone seen this before?

Thanks in advance for any advice,

-Rob McNicholas
Dept of Electrical Engineering and Computer Sciences
UC Berkeley
