/[smecontribs]/rpms/mailman/contribs10/mailman-2.1.9-CVE-2010-3089.patch
ViewVC logotype

Annotation of /rpms/mailman/contribs10/mailman-2.1.9-CVE-2010-3089.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Mon Feb 22 15:33:56 2021 UTC (3 years, 8 months ago) by brianr
Branch: MAIN
CVS Tags: HEAD
Initial import

1 brianr 1.1 === modified file 'Mailman/Cgi/listinfo.py'
2     --- Mailman/Cgi/listinfo.py 2010-06-24 04:09:34 +0000
3     +++ Mailman/Cgi/listinfo.py 2010-09-05 14:38:30 +0000
4     @@ -97,7 +97,7 @@
5     else:
6     advertised.append((mlist.GetScriptURL('listinfo'),
7     mlist.real_name,
8     - mlist.description))
9     + Utils.websafe(mlist.description)))
10     if msg:
11     greeting = FontAttr(msg, color="ff5060", size="+1")
12     else:
13    
14     === modified file 'Mailman/HTMLFormatter.py'
15     --- Mailman/HTMLFormatter.py 2008-02-03 19:27:07 +0000
16     +++ Mailman/HTMLFormatter.py 2010-09-05 00:15:08 +0000
17     @@ -383,8 +383,9 @@
18     '<mm-mailman-footer>' : self.GetMailmanFooter(),
19     '<mm-list-name>' : self.real_name,
20     '<mm-email-user>' : self._internal_name,
21     - '<mm-list-description>' : self.description,
22     - '<mm-list-info>' : BR.join(self.info.split(NL)),
23     + '<mm-list-description>' : Utils.websafe(self.description),
24     + '<mm-list-info>' :
25     + '<!---->' + BR.join(self.info.split(NL)) + '<!---->',
26     '<mm-form-end>' : self.FormatFormEnd(),
27     '<mm-archive>' : self.FormatArchiveAnchor(),
28     '</mm-archive>' : '</a>',
29    
30     === modified file 'Mailman/Utils.py'
31     --- Mailman/Utils.py 2009-08-01 19:22:34 +0000
32     +++ Mailman/Utils.py 2010-09-05 14:36:02 +0000
33     @@ -911,6 +911,7 @@
34     # Kludge to allow the specific tag that's in the options.html template.
35     '<link(?! rel="SHORTCUT ICON" href="<mm-favicon>">)',
36     '<meta',
37     + '<object',
38     '<script',
39     r'(?:^|\W)j(?:ava)?script(?:\W|$)',
40     r'(?:^|\W)vbs(?:cript)?(?:\W|$)',
41    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed