------------------------------------------------------------
revno: 1282
committer: Mark Sapiro <msap...@value.net>
branch nick: 2.1
timestamp: Fri 2011-02-18 17:33:50 -0800
message:
  An XSS vulnerability, CVE-2011-0707, has been fixed.
modified:
  Mailman/Cgi/confirm.py
  NEWS


--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1

Your team Mailman Checkins is subscribed to branch lp:mailman/2.1.
To unsubscribe from this branch go to 
https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription
=== modified file 'Mailman/Cgi/confirm.py'
--- Mailman/Cgi/confirm.py	2011-02-07 20:42:05 +0000
+++ Mailman/Cgi/confirm.py	2011-02-19 01:33:50 +0000
@@ -471,7 +471,7 @@
     if fullname is None:
         fullname = _('<em>Not available</em>')
     else:
-        fullname = Utils.uncanonstr(fullname, lang)
+        fullname = Utils.websafe(Utils.uncanonstr(fullname, lang))
     table.AddRow([_("""Your confirmation is required in order to complete the
     unsubscription request from the mailing list <em>%(listname)s</em>.  You
     are currently subscribed with
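Review bot: The message built right after the changed line also interpolates %(listname)s inside <em>...</em>, and nothing in this hunk shows that value being escaped. Please confirm that listname, and any other value substituted into this table row, is either escaped or restricted to safe characters before it reaches the page, so that fullname is not the only field covered.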
@@ -573,7 +573,7 @@
     if fullname is None:
         fullname = _('<em>Not available</em>')
     else:
-        fullname = Utils.uncanonstr(fullname, lang)
+        fullname = Utils.websafe(Utils.uncanonstr(fullname, lang))
     if globally:
         globallys = _('globally')
     else:
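Review bot: The expression Utils.websafe(Utils.uncanonstr(fullname, lang)) in the else branch is the same wrapper added at two other call sites in this patch. A small helper in confirm.py that returns the display-safe name would keep the three sites consistent and make it harder for a future confirmation page to call Utils.uncanonstr alone. The None branch is correctly left unescaped, since it carries intentional <em> markup from the translation.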
@@ -815,7 +815,7 @@
     if username is None:
         username = _('<em>not available</em>')
     else:
-        username = Utils.uncanonstr(username, lang)
+        username = Utils.websafe(Utils.uncanonstr(username, lang))
 
     table.AddRow([_("""Your membership in the %(realname)s mailing list is
     currently disabled due to excessive bounces.  Your confirmation is
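Review bot: On the changed username line, Utils.websafe is applied to the output of Utils.uncanonstr rather than to its input. If uncanonstr can emit HTML character references for characters the list language's charset cannot represent, the outer escape would turn their leading & into &amp; and the name would display as literal entity text. Please check the ordering against a non-ASCII user name, and add a short comment on the line stating that the value is user-supplied and rendered as HTML.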

=== modified file 'NEWS'
--- NEWS	2011-02-17 23:27:08 +0000
+++ NEWS	2011-02-19 01:33:50 +0000
@@ -6,6 +6,10 @@
 
 2.1.15 (xx-xxx-xxxx)
 
+  Security
+
+    - An XSS vulnerability, CVE-2011-0707, has been fixed.
+
   New Features
 
     - A new mm_cfg.py setting RESPONSE_INCLUDE_LEVEL has been added to control
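Review bot: The new Security entry gives only the CVE number and does not say where the problem was. Since the code change is confined to Mailman/Cgi/confirm.py and the fullname/username values shown on confirmation pages, naming the confirm CGI and the affected field in the NEWS line would let site administrators judge their exposure without reading the diff.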

_______________________________________________
Mailman-checkins mailing list
Mailman-checkins@python.org
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-checkins/archive%40jab.org
