Package: gforge-lists-mailman
Version: 5.2.1+20130227-1
Severity: normal
Hi.
If one uses a character like "รด" (circumflex accent over o) in ML description
field at ML creation time in FusionForge, the string is passed to the mailman
config_list script, which fails on a Python stack trace like :
# /usr/share/gforge/bin/create-mailing-lists.pl
Traceback (most recent call last):
File "/usr/lib/mailman/bin/config_list", line 362, in <module>
main()
File "/usr/lib/mailman/bin/config_list", line 357, in main
do_input(listname, infile, checkonly, verbose)
File "/usr/lib/mailman/bin/config_list", line 263, in do_input
execfile(infile, globals)
File "/tmp/9fykga", line 1
SyntaxError: Non-ASCII character '\xc3' in file /tmp/9fykga on line 1, but no
encoding declared; see http://www.python.org/peps/pep-0263.html for details
Importing fix_url...
Running fix_url.fix_url()...
Loading list helpdesk-testaccent (locked)
Saving list
Finalizing
I'm not sure how bad this is, but I fear the list is not configured properly
(potential information disclpsure issue for list access control, etc ?).
The encoding should then be either refused by fusionforge, or simply escaped in
some way, before calling mailman's scripts.
Hope this helps.
Best regards,
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
