Bug#327732: marked as done (Messages with invalid filenames don't get archived)

[Debian Bug Tracking System]

Your message dated Sat, 26 Nov 2005 01:32:08 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#327732: fixed in mailman 2.1.5-10
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Sep 2005 18:51:36 +0000
>From [EMAIL PROTECTED] Sun Sep 11 11:51:36 2005
Return-path: <[EMAIL PROTECTED]>
Received: from galileo.cujae.edu.cu [200.55.139.18] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1EEWvP-0005Jo-00; Sun, 11 Sep 2005 11:51:36 -0700
Received: from galileo.cujae.edu.cu (galileo [127.0.0.1])
        by galileo.cujae.edu.cu (Postfix) with SMTP id B7D98B0016
        for <[EMAIL PROTECTED]>; Sun, 11 Sep 2005 14:50:49 -0400 (CDT)
Received: from newton.cujae.edu.cu (proxy2.cujae.edu.cu [172.16.13.69])
        by galileo.cujae.edu.cu (Postfix) with ESMTP id 9AC75B0011
        for <[EMAIL PROTECTED]>; Sun, 11 Sep 2005 14:50:49 -0400 (CDT)
Received: from newton (localhost.localdomain [127.0.0.1])
        by newton.cujae.edu.cu (Postfix) with SMTP id 253C33CC2D2
        for <[EMAIL PROTECTED]>; Sun, 11 Sep 2005 14:50:41 -0400 (CDT)
Received: by newton.cujae.edu.cu (Postfix, from userid 1001)
        id 150F03CC2D6; Sun, 11 Sep 2005 14:50:41 -0400 (CDT)
Received: from tesla.cujae.edu.cu (tesla.cujae.edu.cu [172.16.13.34])
        by newton.cujae.edu.cu (Postfix) with ESMTP id D3DA83CC2D2
        for <[EMAIL PROTECTED]>; Sun, 11 Sep 2005 14:50:40 -0400 (CDT)
Received: from [172.17.24.11] by tesla.cujae.edu.cu
        (Cipher TLSv1:RC4-MD5:128) (MDaemon.PRO.v8.0.2.R)
        with ESMTP id 04-md50000003310.msg
        for <[EMAIL PROTECTED]>; Sun, 11 Sep 2005 14:50:52 -0400
Message-ID: <[EMAIL PROTECTED]>
Date: Sun, 11 Sep 2005 14:50:02 -0400
From: Aliet Santiesteban Sifontes <[EMAIL PROTECTED]>
User-Agent: Thunderbird 1.0+ (Windows/20050803)
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Dos attack to a list in mailman using sarge due to impropper handling
 of exception of utf8
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Authenticated-Sender: [EMAIL PROTECTED]
X-MDRemoteIP: 172.17.24.11
X-Return-Path: [EMAIL PROTECTED]
X-MDaemon-Deliver-To: [EMAIL PROTECTED]
X-Spam-Processed: tesla.cujae.edu.cu, Sun, 11 Sep 2005 14:50:53 -0400
X-MDAV-Processed: tesla.cujae.edu.cu, Sun, 11 Sep 2005 14:50:53 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: mailman
Version: 2.1.5-8
Severity: |grave|

Site running several lists, it seems that a specially formed message can Dos a 
list 
due to impropper handling of a exception, the lists sops working, here the 
mailman error, all messages then
goes to shunt:


Sep 11 13:34:35 2005 (12535) Uncaught runner exception: 'utf8' codec can't 
decode bytes in position 1-4: invalid data
Sep 11 13:34:35 2005 (12535) Traceback (most recent call last):
  File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 111, in _oneloop
    self._onefile(msg, msgdata)
  File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 167, in _onefile
    keepqueued = self._dispose(mlist, msg, msgdata)
  File "/usr/lib/mailman/Mailman/Queue/IncomingRunner.py", line 130, in _dispose
    more = self._dopipeline(mlist, msg, msgdata, pipeline)
  File "/usr/lib/mailman/Mailman/Queue/IncomingRunner.py", line 153, in 
_dopipeline
    sys.modules[modname].process(mlist, msg, msgdata)
  File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 91, in process
    send_digests(mlist, mboxfp)
  File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 132, in 
send_digests
    send_i18n_digests(mlist, mboxfp)
  File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 306, in 
send_i18n_digests
    msg = scrubber(mlist, msg)
  File "/var/lib/mailman/Mailman/Handlers/Scrubber.py", line 265, in process
    url = save_attachment(mlist, part, dir)
  File "/var/lib/mailman/Mailman/Handlers/Scrubber.py", line 361, in 
save_attachment
    fnext = os.path.splitext(msg.get_filename(''))[1]
  File "/usr/lib/python2.3/email/Message.py", line 731, in get_filename
    return unicode(newvalue[2], newvalue[0] or 'us-ascii')
UnicodeDecodeError: 'utf8' codec can't decode bytes in position 1-4: invalid 
data

Sep 11 13:34:35 2005 (12535) SHUNTING: 
1126458561.9029009+2ca02ecc54d36f4e0a88a7ab17fc28736bd23635


Any ideas?





---------------------------------------
Received: (at 327732-close) by bugs.debian.org; 26 Nov 2005 09:41:30 +0000
>From [EMAIL PROTECTED] Sat Nov 26 01:41:30 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
        id 1EfwPg-0002iO-VO; Sat, 26 Nov 2005 01:32:08 -0800
From: Lionel Elie Mamane <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.60 $
Subject: Bug#327732: fixed in mailman 2.1.5-10
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 26 Nov 2005 01:32:08 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 12

Source: mailman
Source-Version: 2.1.5-10

We believe that the bug you reported is fixed in the latest version of
mailman, which is due to be installed in the Debian FTP archive:

mailman_2.1.5-10.diff.gz
  to pool/main/m/mailman/mailman_2.1.5-10.diff.gz
mailman_2.1.5-10.dsc
  to pool/main/m/mailman/mailman_2.1.5-10.dsc
mailman_2.1.5-10_sparc.deb
  to pool/main/m/mailman/mailman_2.1.5-10_sparc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lionel Elie Mamane <[EMAIL PROTECTED]> (supplier of updated mailman package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.7
Date: Sat, 26 Nov 2005 10:03:23 +0100
Source: mailman
Binary: mailman
Architecture: source sparc
Version: 2.1.5-10
Distribution: unstable
Urgency: low
Maintainer: Mailman for Debian <[EMAIL PROTECTED]>
Changed-By: Lionel Elie Mamane <[EMAIL PROTECTED]>
Description: 
 mailman    - Powerful, web-based mailing list manager
Closes: 244700 298842 310451 312673 313800 315358 326024 327732 332018 339582 
339890 340036
Changes: 
 mailman (2.1.5-10) unstable; urgency=low
 .
   * Merge with 2.1.5-8ubuntu2:
     Python 2.4 compatibility patch in bounce handling.
   * Don't fall apart if the filename of an attachment is an invalid UTF-8
     string (closes: #327732)
   * Don't die on overflow in date handling (closes: #326024)
   * Enable error handling in HyperArch (closes: #310451)
   * Ensure list-id is always in brackets in headers (closes: #244700)
   * Admin page: don't assume subscribed emails are pure ASCII
     (closes: #315358)
   * Bump up Standards-Version to 3.6.2
   * Add vietnamese translation (closes: #312673)
   * Apply corrections to german translation (closes: #313800)
   * Adapt to the md5sum in dpkg or coreutils automatically (closes: #340036)
   * More robust parsing of /var/lib/ucf/hashfile:
     - Don't touch files of other packages that happen to have
       our file's full path as subpath.
     - Accept any number of spaces between the hash and the filename there.
   * Work around ucf bug #238730 for postfix-to-mailman.py, too.
   * Fix traceback on Danish version of options page (closes: #339582)
   * Fix the private authentication form to point to the right file
     (closes: #298842)
   * Add Swedish debconf template translation (closes: #339890)
   * Depend on any debconf-2.0 implementation instead of debconf
     specifically (closes: #332018)
   * Copyright file:
     - New FSF address
     - List the other maintainers
   * Depend on adduser, used in preinst
   * Move away from deprecated user.group syntax in chown
   * Ensure package is built with autoconf 2.5x, not autoconf 2.13
Files: 
 5b95f8fb72914b06671e9f6456a4c98f 740 mail optional mailman_2.1.5-10.dsc
 bd18d18647a42bf574838919762a7324 200228 mail optional mailman_2.1.5-10.diff.gz
 8593eb6dd20d33bb913d332d46861d3b 6620074 mail optional 
mailman_2.1.5-10_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iEYEAREDAAYFAkOIKvQACgkQscRzFz57S3O5qACeM6eQIR43ywNLUdfEfjW6Vigt
qmUAn33W4Yg9cATH7ZSjjHnXObSGdNfk
=oT8O
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]