[Mailman-Developers] Fix for cross-site scripting bug in Mailman
tkikuchi at is.kochi-u.ac.jp
Mon Jan 27 14:17:14 EST 2003
I forgot to realize the language part of the Bugtraq report!
There is also a language=<...> bug in listinfo.py, roster.py
and subscribe.py. Is this a bug in the error reporting function
of python cgilib? Better to correct the library, I suppose.
Sorry, but I have no time to generate a patch now.
Barry A. Warsaw wrote:
> The cross-site scripting bug in Mailman 2.1.0 that was reported on
> Bugtraq has been fixed. My thanks to all who reported this (except
> unfortunately the person who posted it to bugtraq before contacting me
> first. :/ ). Special thanks to Tokio Kikuchi who worked out the
> essential fix.
> The patch is at:
> (see the file xss-2.1.0-patch.txt)
> And the original Bugtraq announcement is here:
> This patch will be part of Mailman 2.1.1 which is nearing release.
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp