Sorry for the n00b moment, but am I correct to think that the way to apply the patch is to issue the command:
patch <pathTo_Mailman/cgi/confirm.py> <pathTo_confirm_xss.patch.txt> ...when logged in with appropriate permissions and where each <thingInBrackets> is replaced with the appropriate file path. (I did check to see whether there were instructions posted on the web page. Maybe you included them on a different list.) Thanks, Dave -- David Brown [email protected] ; [email protected] -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Mark Sapiro Sent: Friday, February 18, 2011 11:02 AM To: Mailman Announce; Mailman i18n; Mailman Users; Mailman Developers Subject: Re: [Mailman-Developers] Mailman Security Patch Announcement -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2/13/2011 1:58 PM, Mark Sapiro wrote: > An XXS vulnerability affecting Mailman 2.1.14 and prior versions has > recently been discovered. A patch has been developed to address this > issue. The patch is small, affects only one module and can be applied > to a live installation without requiring a restart. > > In order to accommodate those who need some notice before applying > such a patch, the patch will be posted on Friday, 18 February at about > 16:00 GMT to the same four lists to which this announcement is addressed. The vulnerability has been assigned CVE-2011-0707. The patch is attached as confirm_xss.patch.txt. - -- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFNXpf1VVuXXpU7hpMRAs1nAJ97r3VEu5b5jl4JhdNv3r6x+ElqjQCghU+w Gp0hqWatECAYyAIL7IH9dGk= =8U6M -----END PGP SIGNATURE----- _______________________________________________ Mailman-Developers mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
