[Bug 1437145] Re: Path traversal vulnerability exists in Mailman and can be exploited if Mailman's MTA is Exim.

Mark Sapiro mark at msapiro.net
Sun Mar 29 01:45:06 CET 2015


The patch to Mailman/Utils.py at
<https://bugs.launchpad.net/mailman/+bug/1437145/+attachment/4358114/+files/p>
can be applied with at most a line number offset to any Mailman 2.1.x
version, but the referenced mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS
setting didn't exist before Mailman 2.1.11 so if you are patching an
older version, you need to add

ACCEPTABLE_LISTNAME_CHARACTERS = '[-+_.=a-z0-9]'

to mm_cfg.py and/or Defaults.py.

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1437145

Title:
  Path traversal vulnerability exists in Mailman and can be exploited if
  Mailman's MTA is Exim.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1437145/+subscriptions


More information about the Mailman-coders mailing list