[Mailman-checkins] [Branch ~mailman-coders/mailman/2.1] Rev 1553: Fix for path traversal vulnerability.

Tue, 31 Mar 2015 09:44:49 -0700 

------------------------------------------------------------
revno: 1553
fixes bug: https://launchpad.net/bugs/1437145
committer: Mark Sapiro <m...@msapiro.net>
branch nick: 2.1
timestamp: Fri 2015-03-27 14:12:16 -0700
message:
  Fix for path traversal vulnerability.
modified:
  Mailman/Defaults.py.in
  Mailman/Utils.py
  NEWS


--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1

Your team Mailman Checkins is subscribed to branch lp:mailman/2.1.
To unsubscribe from this branch go to 
https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription

=== modified file 'Mailman/Defaults.py.in'
--- Mailman/Defaults.py.in	2015-02-13 18:41:28 +0000
+++ Mailman/Defaults.py.in	2015-03-27 21:12:16 +0000
@@ -138,7 +138,7 @@
 
 # A Python regular expression character class which defines the characters
 # allowed in list names.  Lists cannot be created with names containing any
-# character that doesn't match this class.
+# character that doesn't match this class.  Do not include '/' in this list.
 ACCEPTABLE_LISTNAME_CHARACTERS = '[-+_.=a-z0-9]'
 
 # Shall the user's real names be displayed along with their email addresses

=== modified file 'Mailman/Utils.py'
--- Mailman/Utils.py	2015-01-23 23:50:47 +0000
+++ Mailman/Utils.py	2015-03-27 21:12:16 +0000
@@ -100,6 +100,12 @@
     #
     # The former two are for 2.1alpha3 and beyond, while the latter two are
     # for all earlier versions.
+    #
+    # But first ensure the list name doesn't contain a path traversal
+    # attack.
+    if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', listname)) > 0:
+        syslog('mischief', 'Hostile listname: %s', listname)
+        return False
     basepath = Site.get_listpath(listname)
     for ext in ('.pck', '.pck.last', '.db', '.db.last'):
         dbfile = os.path.join(basepath, 'config' + ext)

=== modified file 'NEWS'
--- NEWS	2015-03-09 20:37:28 +0000
+++ NEWS	2015-03-27 21:12:16 +0000
@@ -5,7 +5,15 @@
 
 Here is a history of user visible changes to Mailman.
 
-2.1.20 (xx-xxx-xxxx)
+2.1.20 (31-Mar-2015)
+
+  Security
+
+    - A path traversal vulnerability has been discovered and fixed.  This
+      vulnerability is only exploitable by a local user on a Mailman server
+      where the suggested Exim transport, the Postfix postfix_to_mailman.py
+      transport or some other programmatic MTA delivery not using aliases
+      is employed.  CVE-2015-2775  (LP: #1437145)
 
   New Features
 


_______________________________________________
Mailman-checkins mailing list
Mailman-checkins@python.org
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-checkins/archive%40jab.org

Reply via email to