/[smecontribs]/rpms/mailman/contribs8/mailman-2.1.9-CVE-2010-3089.patch
ViewVC logotype

Contents of /rpms/mailman/contribs8/mailman-2.1.9-CVE-2010-3089.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Fri Jul 12 21:04:21 2013 UTC (11 years, 4 months ago) by unnilennium
Branch: MAIN
CVS Tags: mailman-2_1_9-6_el5_6_1, mailman-2_1_9-20_el5_sme, mailman-2_1_9-6_el5_sme_20, HEAD
import new srpm

1 === modified file 'Mailman/Cgi/listinfo.py'
2 --- Mailman/Cgi/listinfo.py 2010-06-24 04:09:34 +0000
3 +++ Mailman/Cgi/listinfo.py 2010-09-05 14:38:30 +0000
4 @@ -97,7 +97,7 @@
5 else:
6 advertised.append((mlist.GetScriptURL('listinfo'),
7 mlist.real_name,
8 - mlist.description))
9 + Utils.websafe(mlist.description)))
10 if msg:
11 greeting = FontAttr(msg, color="ff5060", size="+1")
12 else:
13
14 === modified file 'Mailman/HTMLFormatter.py'
15 --- Mailman/HTMLFormatter.py 2008-02-03 19:27:07 +0000
16 +++ Mailman/HTMLFormatter.py 2010-09-05 00:15:08 +0000
17 @@ -383,8 +383,9 @@
18 '<mm-mailman-footer>' : self.GetMailmanFooter(),
19 '<mm-list-name>' : self.real_name,
20 '<mm-email-user>' : self._internal_name,
21 - '<mm-list-description>' : self.description,
22 - '<mm-list-info>' : BR.join(self.info.split(NL)),
23 + '<mm-list-description>' : Utils.websafe(self.description),
24 + '<mm-list-info>' :
25 + '<!---->' + BR.join(self.info.split(NL)) + '<!---->',
26 '<mm-form-end>' : self.FormatFormEnd(),
27 '<mm-archive>' : self.FormatArchiveAnchor(),
28 '</mm-archive>' : '</a>',
29
30 diff --git a/Mailman/Utils.py b/Mailman/Utils.py
31 index 78c2933..4eb3e60 100644
32 --- Mailman/Utils.py
33 +++ Mailman/Utils.py
34 @@ -887,6 +887,7 @@ _badwords = [
35 '<i?frame',
36 '<link',
37 '<meta',
38 + '<object',
39 '<script',
40 r'(?:^|\W)j(?:ava)?script(?:\W|$)',
41 r'(?:^|\W)vbs(?:cript)?(?:\W|$)',

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed