------------------------------------------------------------
revno: 1892
fixes bug: https://launchpad.net/bugs/2017813
committer: Mark Sapiro <[email protected]>
branch nick: 2.1
timestamp: Wed 2023-04-26 13:34:45 -0700
message:
Fixed yet another possible list membership leak via the user options CGI.
modified:
Mailman/Cgi/options.py
NEWS
--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1
Your team Mailman Checkins is subscribed to branch lp:mailman/2.1.
To unsubscribe from this branch go to
https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription
=== modified file 'Mailman/Cgi/options.py'
--- Mailman/Cgi/options.py 2023-04-05 23:46:40 +0000
+++ Mailman/Cgi/options.py 2023-04-26 20:34:45 +0000
@@ -193,6 +193,9 @@
user)
doc.addError(msgd, tag='')
user = None
+ # We get here with a non-None user in the case of a non-member with
+ # private rosters. user should be None in every case.
+ user = None
loginpage(mlist, doc, user, language)
print doc.Format()
return
=== modified file 'NEWS'
--- NEWS 2023-04-05 23:46:40 +0000
+++ NEWS 2023-04-26 20:34:45 +0000
@@ -22,6 +22,8 @@
(LP: #1968443)
- Another possible list membership leak via the user options CGI is fixed.
(LP: #2015416)
+ - Yet another possible list membership leak via the user options CGI is
+ fixed. (LP:#2017813)
2.1.39 (13-Dec-2021)
_______________________________________________
Mailman-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-checkins.python.org/
Member address: [email protected]
