[Mailman-Developers] Re: [Mailman-Announce] Critical security
update for Mailman 2.1.5 and earlier
Michael Janssen
Janssen at rz.uni-frankfurt.de
Mon Feb 14 16:46:10 CET 2005
On Thu, 10 Feb 2005, Axel Beckert wrote:
> Am Thu, Feb 10, 2005 at 09:41:05AM -0500, Barry Warsaw schrieb:
> > Until Mailman 2.1.6 is released, the longer term fix is to apply
> > this patch:
> >
> > http://www.list.org/CAN-2005-0202.txt
>
> Which unfortunately only works with Python 2. Python 1 (respective at
> least 1.5.2) complains about syntax errors. (Which, in fact, also
> helps against the vulnerability by displaying the "You've found a
> Mailman bug" page. ;-)
>
> Is there any patch which complies with Python 1 syntax?
not as a patch, cause I haven't got a CVS repository available but you
can change the line
safe = [x for x in parts if x not in ('.', '..')]
which is list comprehension syntax into:
safe = []
for x in parts:
if x not in ('.', '..'):
safe.append(x)
which does obviously the same: Append to safe every x in parts which are
not "." or ".."
regards
Michael
More information about the Mailman-Developers
mailing list