[Mailman-Developers] Fix for cross-site scripting bug in Mailman 2.1.0

Barry A. Warsaw barry at python.org
Mon Jan 27 08:25:20 EST 2003

>>>>> "TK" == Tokio Kikuchi <tkikuchi at is.kochi-u.ac.jp> writes:

    TK> I forgot to realize language part of the bugtraq report!
    TK> There are also language=<...> bug in listinfo.py, roster.py
    TK> and subscribe.py. Is this bug in the error reporting function
    TK> of python cgilib? Better to correct the library I suppose.

    TK> Sorry but I have no time to generate patch now.

That's ok.  I think the language bug isn't an xss bug (there's no
%(language)s in the code), but it will crash if a false language is
given deliberately.

I will fix these for 2.1.1.


More information about the Mailman-Developers mailing list