------------------------------------------------------------
revno: 1844
fixes bug: https://launchpad.net/bugs/1873722
committer: Mark Sapiro <[email protected]>
branch nick: 2.1
timestamp: Tue 2020-05-05 08:08:54 -0700
message:
Fixed options login content injection vulnerability.
modified:
Mailman/Cgi/options.py
NEWS
--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1
Your team Mailman Checkins is subscribed to branch lp:mailman/2.1.
To unsubscribe from this branch go to
https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription
=== modified file 'Mailman/Cgi/options.py'
--- Mailman/Cgi/options.py 2019-03-06 17:48:32 +0000
+++ Mailman/Cgi/options.py 2020-05-05 15:08:54 +0000
@@ -173,7 +173,7 @@
try:
Utils.ValidateEmail(user)
except Errors.EmailAddressError:
- doc.addError(_('Illegal Email Address: %(safeuser)s'))
+ doc.addError(_('Illegal Email Address'))
loginpage(mlist, doc, None, language)
print doc.Format()
return
=== modified file 'NEWS'
--- NEWS 2020-04-26 03:16:14 +0000
+++ NEWS 2020-05-05 15:08:54 +0000
@@ -5,7 +5,12 @@
Here is a history of user visible changes to Mailman.
-2.1.30-1 (xx-xxx-xxxx)
+2.1.31 (05-May-2020)
+
+ Security
+
+ - A content injection vulnerability via the options login page has been
+ discovered and reported by Vishal Singh. This is fixed. (LP: #1873722)
i18n
_______________________________________________
Mailman-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-checkins.python.org/
Member address: [email protected]
