Public bug reported:
If a malicious user, bot or whatever POSTs or GETs with query data to the subscribe CGI and the data contains multiple 'digest=' fragments, the resultant digest data seen by the subscribe CGI is a list rather than a string. The CGI calls int() on this which throws TypeError.
The int() call is already in a try: that catches ValueError. It needs to catch TypeError too.
** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: In Progress
** Branch linked: lp:mailman/2.1
** Changed in: mailman Status: In Progress => Fix Committed
** Changed in: mailman Status: Fix Committed => Fix Released