[Bug 1437145] Re: Path traversal vulnerability exists in Mailman and can be exploited if Mailman's MTA is Exim.
mark at msapiro.net
Sun Mar 29 01:45:06 CET 2015
The patch to Mailman/Utils.py at
can be applied with at most a line number offset to any Mailman 2.1.x
version, but the referenced mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS
setting didn't exist before Mailman 2.1.11 so if you are patching an
older version, you need to add
ACCEPTABLE_LISTNAME_CHARACTERS = '[-+_.=a-z0-9]'
to mm_cfg.py and/or Defaults.py.
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
Path traversal vulnerability exists in Mailman and can be exploited if
Mailman's MTA is Exim.
To manage notifications about this bug go to:
More information about the Mailman-coders