[Mailman-Developers] Fix for cross-site scripting bug in Mailman 2.1.0
Tokio Kikuchi
tkikuchi at is.kochi-u.ac.jp
Mon Jan 27 14:17:14 EST 2003
Barry,
I forgot to realize the language part of the Bugtraq report!
There are also language=<...> bugs in listinfo.py, roster.py
and subscribe.py. Is this bug in the error reporting function
of python cgilib? Better to correct the library, I suppose.
Sorry, but I have no time to generate a patch now.
Barry A. Warsaw wrote:
> The cross-site scripting bug in Mailman 2.1.0 that was reported on
> Bugtraq has been fixed. My thanks to all who reported this (except
> unfortunately the person who posted it to bugtraq before contacting me
> first. :/ ). Special thanks to Tokio Kikuchi who worked out the
> essential fix.
>
> The patch is at:
>
> http://sourceforge.net/project/showfiles.php?group_id=103
>
> (see the file xss-2.1.0-patch.txt)
>
> And the original Bugtraq announcement is here:
>
> http://online.securityfocus.com/archive/1/308154
>
> This patch will be part of Mailman 2.1.1 which is nearing release.
>
> -Barry
--
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
http://weather.is.kochi-u.ac.jp/