Date: Mon, 7 Mar 2011 17:15:09 GMT
From: Hilko Meyer <hilko.meer@gmx.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/155355: XXS vulnerability affecting Mailman 2.1.14 and prior
Message-ID: <201103071715.p27HF95Y044966@red.freebsd.org>
Resent-Message-ID: <201103071720.p27HK9LH055446@freefall.freebsd.org>
>Number: 155355 >Category: ports >Synopsis: XXS vulnerability affecting Mailman 2.1.14 and prior >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Mar 07 17:20:08 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Hilko Meyer >Release: >Organization: >Environment: >Description: Quoting http://mail.python.org/pipermail/mailman-developers/2011-February/021318.html On 2/13/2011 1:58 PM, Mark Sapiro wrote: > An XXS vulnerability affecting Mailman 2.1.14 and prior versions has > recently been discovered. A patch has been developed to address this > issue. The patch is small, affects only one module and can be applied to > a live installation without requiring a restart. > > In order to accommodate those who need some notice before applying such > a patch, the patch will be posted on Friday, 18 February at about 16:00 > GMT to the same four lists to which this announcement is addressed. The vulnerability has been assigned CVE-2011-0707. The patch is attached as confirm_xss.patch.txt. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0707 >How-To-Repeat: >Fix: Patch is in: http://mail.python.org/pipermail/mailman-developers/attachments/20110218/15500b22/attachment.txt Patch attached with submission follows: === modified file 'Mailman/Cgi/confirm.py' --- Mailman/Cgi/confirm.py 2010-03-29 20:48:11 +0000 +++ Mailman/Cgi/confirm.py 2011-02-12 02:24:47 +0000 @@ -471,7 +471,7 @@ if fullname is None: fullname = _('<em>Not available</em>') else: - fullname = Utils.uncanonstr(fullname, lang) + fullname = Utils.websafe(Utils.uncanonstr(fullname, lang)) table.AddRow([_("""Your confirmation is required in order to complete the unsubscription request from the mailing list <em>%(listname)s</em>. You are currently subscribed with 
@@ -573,7 +573,7 @@ if fullname is None: fullname = _('<em>Not available</em>') else: - fullname = Utils.uncanonstr(fullname, lang) + fullname = Utils.websafe(Utils.uncanonstr(fullname, lang)) if globally: globallys = _('globally') else: @@ -814,7 +814,7 @@ if username is None: username = _('<em>not available</em>') else: - username = Utils.uncanonstr(username, lang) + username = Utils.websafe(Utils.uncanonstr(username, lang)) table.AddRow([_("""Your membership in the %(realname)s mailing list is currently disabled due to excessive bounces. Your confirmation is >Release-Note: >Audit-Trail: >Unformatted:
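Review bot: in the hunk at @@ -471,7 the escaping order is the right one: Utils.websafe is applied to the result of Utils.uncanonstr(fullname, lang), so any markup characters that appear after the stored name is decoded are escaped before the value is interpolated into the HTML table row. The `if fullname is None` branch deliberately keeps raw `<em>Not available</em>` markup from a translated literal, so the two branches must stay separate rather than being folded into one websafe call over both.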
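Review bot: the hunk at @@ -814,7 is the third copy of the same `Utils.websafe(Utils.uncanonstr(x, lang))` idiom in this file (also at lines 471 and 573 for fullname). A small helper in Utils that decodes and escapes in one step would make it harder for a future caller to reintroduce the unescaped form; worth considering as a follow-up, with the three call sites switched to it.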