On Thu, 10 Feb 2005, Axel Beckert wrote:
> Am Thu, Feb 10, 2005 at 09:41:05AM -0500, Barry Warsaw schrieb:
> > Until Mailman 2.1.6 is released, the longer term fix is to apply
> > this patch:
> >
> > http://www.list.org/CAN-2005-0202.txt
>
> Which unfortunately only works with Python 2. Python 1 (respective at
> least 1.5.2) complains about syntax errors. (Which, in fact, also
> helps against the vulnerability by displaying the "You've found a
> Mailman bug" page. ;-)
>
> Is there any patch which complies with Python 1 syntax?
not as a patch, cause I haven't got a CVS repository available but you
can change the line
safe = [x for x in parts if x not in ('.', '..')]
which is list comprehension syntax into:
safe = []
for x in parts:
if x not in ('.', '..'):
safe.append(x)
which does obviously the same: Append to safe every x in parts which are
not "." or ".."
regards
Michael
_______________________________________________
Mailman-Developers mailing list
[email protected]
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
As a general rule, if you have questions regarding sensitive security issues,
you can post them to [EMAIL PROTECTED], which is a closed distribution list.
Please do not otherwise discuss sensitive security issues on any public mailing
list, until such time as an official announcement has been made, including
availability of a patch, etc....
Even if the issue has been publicly discussed in other forums, you should wait
for the official announcements before discussing them publicly, whether on
mailman-users, mailman-developers, or elsewhere.
