Barry,
I forgot to realize language part of the bugtraq report!
There are also language=<...> bug in listinfo.py, roster.py
and subscribe.py. Is this bug in the error reporting function
of python cgilib? Better to correct the library I suppose.
Sorry but I have no time to generate patch now.
Barry A. Warsaw wrote:
The cross-site scripting bug in Mailman 2.1.0 that was reported on
Bugtraq has been fixed. My thanks to all who reported this (except
unfortunately the person who posted it to bugtraq before contacting me
first. :/ ). Special thanks to Tokio Kikuchi who worked out the
essential fix.
The patch is at:
http://sourceforge.net/project/showfiles.php?group_id=103
(see the file xss-2.1.0-patch.txt)
And the original Bugtraq announcement is here:
http://online.securityfocus.com/archive/1/308154
This patch will be part of Mailman 2.1.1 which is nearing release.
-Barry
_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers
--
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
http://weather.is.kochi-u.ac.jp/
_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers
