/[smecontribs]/rpms/mailman/contribs8/mailman-2.1.9-CVE-2010-3089.patch
ViewVC logotype

Annotation of /rpms/mailman/contribs8/mailman-2.1.9-CVE-2010-3089.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Fri Jul 12 21:04:21 2013 UTC (11 years, 4 months ago) by unnilennium
Branch: MAIN
CVS Tags: mailman-2_1_9-6_el5_6_1, mailman-2_1_9-20_el5_sme, mailman-2_1_9-6_el5_sme_20, HEAD
import new srpm

1 unnilennium 1.1 === modified file 'Mailman/Cgi/listinfo.py'
2     --- Mailman/Cgi/listinfo.py 2010-06-24 04:09:34 +0000
3     +++ Mailman/Cgi/listinfo.py 2010-09-05 14:38:30 +0000
4     @@ -97,7 +97,7 @@
5     else:
6     advertised.append((mlist.GetScriptURL('listinfo'),
7     mlist.real_name,
8     - mlist.description))
9     + Utils.websafe(mlist.description)))
10     if msg:
11     greeting = FontAttr(msg, color="ff5060", size="+1")
12     else:
13    
14     === modified file 'Mailman/HTMLFormatter.py'
15     --- Mailman/HTMLFormatter.py 2008-02-03 19:27:07 +0000
16     +++ Mailman/HTMLFormatter.py 2010-09-05 00:15:08 +0000
17     @@ -383,8 +383,9 @@
18     '<mm-mailman-footer>' : self.GetMailmanFooter(),
19     '<mm-list-name>' : self.real_name,
20     '<mm-email-user>' : self._internal_name,
21     - '<mm-list-description>' : self.description,
22     - '<mm-list-info>' : BR.join(self.info.split(NL)),
23     + '<mm-list-description>' : Utils.websafe(self.description),
24     + '<mm-list-info>' :
25     + '<!---->' + BR.join(self.info.split(NL)) + '<!---->',
26     '<mm-form-end>' : self.FormatFormEnd(),
27     '<mm-archive>' : self.FormatArchiveAnchor(),
28     '</mm-archive>' : '</a>',
29    
30     diff --git a/Mailman/Utils.py b/Mailman/Utils.py
31     index 78c2933..4eb3e60 100644
32     --- Mailman/Utils.py
33     +++ Mailman/Utils.py
34     @@ -887,6 +887,7 @@ _badwords = [
35     '<i?frame',
36     '<link',
37     '<meta',
38     + '<object',
39     '<script',
40     r'(?:^|\W)j(?:ava)?script(?:\W|$)',
41     r'(?:^|\W)vbs(?:cript)?(?:\W|$)',

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed