[Mailman-Users] Re: [Mailman-Announce] Critical security update for Mailman 2.1.5 and earlier
tkikuchi at is.kochi-u.ac.jp
Fri Feb 11 02:06:55 CET 2005
> As I noticed, 2.0.x versions (at least 2.0.13) are vulnerable,
> too. (As the subject of the announcement also suggested.)
> Which unfortunately only works with Python 2.
> Python 1 (respective at least 1.5.2) complains about syntax
> errors. (Which, in fact, also helps against the vulnerability by
> displaying the "You've found a Mailman bug" page. ;-)
Change the true_path function as follows:

    "Ensure that the path is safe by removing .."
    path = re.sub('\.+/+', '', path)

and try it. Sorry, but I have no 2.0.x around, and only found a machine which
has a working Python 1.x installed.
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
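
Added example, not part of the original message or of Mailman's code: the one-line regex substitution from the message, run next to a segment-filtering variant, with a final containment check on the joined path. ARCHIVE_ROOT, true_path_parts, resolve and the sample request paths are hypothetical names and values constructed for this illustration.

```python
import posixpath
import re

# Assumed archive root for the demonstration; not a path from the message.
ARCHIVE_ROOT = "/var/mailman/archives/private"

def true_path_regex(path):
    """The substitution quoted in the message (written here as a raw string)."""
    return re.sub(r'\.+/+', '', path)

def true_path_parts(path):
    """Hypothetical alternative: drop empty, '.' and '..' path segments."""
    return "/".join([p for p in path.split("/") if p not in ("", ".", "..")])

def resolve(path, sanitizer):
    """Sanitize, join under ARCHIVE_ROOT, then verify containment.

    Returns the normalized absolute path, or None when the result would
    fall outside ARCHIVE_ROOT. The containment test is the final gate, so
    the outcome does not depend on the sanitizer catching every form.
    """
    cleaned = sanitizer(path).lstrip("/")
    full = posixpath.normpath(posixpath.join(ARCHIVE_ROOT, cleaned))
    if full != ARCHIVE_ROOT and not full.startswith(ARCHIVE_ROOT + "/"):
        return None
    return full

# Constructed request paths (not taken from any real log).
SAMPLES = [
    "/mylist/2005-February/000123.html",  # ordinary archive page
    "/mylist/../otherlist/index.html",    # '..' segment in the middle
    "/mylist/./attachments/a.txt",        # '.' segment
    "/mylist/v1./notes.txt",              # legitimate name ending in a dot
    "/..",                                # '..' with no trailing slash
]

def report():
    """Return (input, regex result, segment-filter result) per sample."""
    return [(s, resolve(s, true_path_regex), resolve(s, true_path_parts))
            for s in SAMPLES]

if __name__ == "__main__":
    for sample, by_regex, by_parts in report():
        print("%-36s regex=%s parts=%s" % (sample, by_regex, by_parts))
```

The regex only matches dots that are followed by a slash, so it rewrites a directory name that ends in a dot and leaves a final `..` in place; the containment check in resolve() is what rejects the latter.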