Sorry for the n00b moment, but am I correct to think that the way to apply the patch is to issue the command:
patch <pathTo_Mailman/cgi/confirm.py> <pathTo_confirm_xss.patch.txt>
...when logged in with appropriate permissions and where each <thingInBrackets> is replaced with the appropriate file path.
(I did check to see whether there were instructions posted on the web page. Maybe you included them on a different list.)
Thanks, Dave -- David Brown firstname.lastname@example.org ; email@example.com
-----Original Message----- From: firstname.lastname@example.org [mailto:email@example.com] On Behalf Of Mark Sapiro Sent: Friday, February 18, 2011 11:02 AM To: Mailman Announce; Mailman i18n; Mailman Users; Mailman Developers Subject: Re: [Mailman-Developers] Mailman Security Patch Announcement
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2/13/2011 1:58 PM, Mark Sapiro wrote:
An XXS vulnerability affecting Mailman 2.1.14 and prior versions has recently been discovered. A patch has been developed to address this issue. The patch is small, affects only one module and can be applied to a live installation without requiring a restart.
In order to accommodate those who need some notice before applying such a patch, the patch will be posted on Friday, 18 February at about 16:00 GMT to the same four lists to which this announcement is addressed.
The vulnerability has been assigned CVE-2011-0707.
The patch is attached as confirm_xss.patch.txt.
Mark Sapiro firstname.lastname@example.org The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan