[Bug 1886117] [NEW] Scrubbed application/octet-stream parts should not have .obj extension

Public bug reported:

This was fixed in Mailman 2.1.30 by using .bin for the extension, but a bug report was never created.

The issue prior to 2.1.30 was a scrubbed attachment with no extion in it's name would be saved with a .obj extension and some web servers and or browsers would not recognize the .obj extension and possibly serve evil javascript as html.

For more info see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12137

** Affects: mailman
   Importance: Medium
   Status: Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12137

--
You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1886117

Title:
  Scrubbed application/octet-stream parts should not have .obj extension

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1886117/+subscriptions
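An added example, not part of the bug report or of Mailman's code: an audit for sites that ran a release older than 2.1.30, listing scrubbed attachments that still carry the .obj extension and flagging those whose first bytes look like HTML. The directory passed in, the marker list and the sample files are assumptions constructed for the example; the report does not give an archive path.

```python
import os
import re
import tempfile

# Constructed heuristic: tags that make sniffed content render as active HTML.
HTML_MARKERS = re.compile(
    rb"<\s*(?:!doctype\s+html|html|head|body|script|iframe|svg)\b", re.I
)
SNIFF_BYTES = 1024  # only the head of the file matters for content sniffing


def looks_like_html(data):
    """True if the leading bytes contain an HTML or script tag."""
    return bool(HTML_MARKERS.search(data[:SNIFF_BYTES]))


def audit_scrubbed_dir(root, extension=".obj"):
    """Return sorted (relative_path, looks_like_html) for files ending in extension."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(extension):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(SNIFF_BYTES)
            findings.append((os.path.relpath(path, root), looks_like_html(head)))
    return sorted(findings)


def build_sample_tree(root):
    """Write constructed sample files standing in for a scrubbed-attachment directory."""
    samples = {
        os.path.join("a", "attachment.obj"): b"<html><script>/* sample */</script></html>",
        os.path.join("b", "attachment.obj"): b"\x00\x01\x02 opaque binary data",
        os.path.join("c", "attachment.bin"): b"<script>/* already .bin */</script>",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, risky in audit_scrubbed_dir(tmp):
            print(("REVIEW " if risky else "ok     ") + rel)
```

Files flagged for review are candidates for renaming to .bin or for being served with an explicit `application/octet-stream` type.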

** Description changed: This was fixed in Mailman 2.1.30 by using .bin for the extension, but a bug report was never created. - The issue prior to 2.1.30 was a scrubbed attachment with no extion in + The issue prior to 2.1.30 was a scrubbed attachment with no extension in it's name would be saved with a .obj extension and some web servers and or browsers would not recognize the .obj extension and possibly serve evil javascript as html. For more info see https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2020-12137
participants (1)
-
Mark Sapiro