------------------------------------------------------------
revno: 1149
committer: Mark Sapiro <msap...@value.net>
branch nick: 2.2
timestamp: Fri 2011-02-18 17:31:25 -0800
message:
  An XSS vulnerability, CVE-2011-0707, has been fixed.
modified:
  Mailman/Cgi/confirm.py
  NEWS
--
lp:mailman/2.2
https://code.launchpad.net/~mailman-coders/mailman/2.2
=== modified file 'Mailman/Cgi/confirm.py' --- Mailman/Cgi/confirm.py 2011-02-07 20:45:08 +0000 +++ Mailman/Cgi/confirm.py 2011-02-19 01:31:25 +0000 @@ -472,7 +472,7 @@ if fullname is None: fullname = _('<em>Not available</em>') else: - fullname = Utils.uncanonstr(fullname, lang) + fullname = Utils.websafe(Utils.uncanonstr(fullname, lang)) table.AddRow([_("""Your confirmation is required in order to complete the unsubscription request from the mailing list <em>%(listname)s</em>. You are currently subscribed with @@ -574,7 +574,7 @@ if fullname is None: fullname = _('<em>Not available</em>') else: - fullname = Utils.uncanonstr(fullname, lang) + fullname = Utils.websafe(Utils.uncanonstr(fullname, lang)) if globally: globallys = _('globally') else: @@ -816,7 +816,7 @@ if username is None: username = _('<em>not available</em>') else: - username = Utils.uncanonstr(username, lang) + username = Utils.websafe(Utils.uncanonstr(username, lang)) table.AddRow([_("""Your membership in the %(realname)s mailing list is currently disabled due to excessive bounces. Your confirmation is === modified file 'NEWS' --- NEWS 2011-02-17 23:29:20 +0000 +++ NEWS 2011-02-19 01:31:25 +0000 @@ -76,6 +76,10 @@ 2.1.15 (xx-xxx-xxxx) + Security + + - An XSS vulnerability, CVE-2011-0707, has been fixed. + New Features - A new mm_cfg.py setting RESPONSE_INCLUDE_LEVEL has been added to control
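Review bot: In the three Mailman/Cgi/confirm.py hunks (@@ -472, @@ -574 and @@ -816) the escaping is added by hand at each call site as `Utils.websafe(Utils.uncanonstr(..., lang))`, and nothing in the patch stops a later call site from using `Utils.uncanonstr` alone on a member-supplied name. Consider one helper that performs both steps and using it at all three sites. Keeping the call in the else branch is right, because the None branch intentionally carries the `<em>Not available</em>` markup. The other values interpolated into the same rows, `%(listname)s` and `%(realname)s`, are left as they are by these hunks and are worth checking for the same treatment. If `Utils.uncanonstr` can return HTML character references for characters outside the charset of `lang`, wrapping it in `websafe` would escape their ampersands, so the ordering should be confirmed. The change touches only confirm.py and NEWS; a regression test that renders a name containing markup would keep the fix from being undone.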
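Review bot: In the NEWS hunk (@@ -76,6 +76,10) the new Security entry gives only the CVE number, so an administrator reading it cannot tell which part of Mailman was affected. Suggest naming what the confirm.py hunks show, for example that the member's full name was displayed unescaped on the confirmation pages in Mailman/Cgi/confirm.py, so sites can judge their exposure without looking up the CVE.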