[Mailman-Users] Critical security update for Mailman 2.1.5 and earlier
Axel Beckert
beckert at ecos.de
Fri Feb 11 09:13:30 CET 2005
Hi!
On Fri, Feb 11, 2005 at 10:06:55AM +0900, Tokio Kikuchi wrote:
> >Python 1 (respective at least 1.5.2) complains about syntax
> >errors. (Which, in fact, also helps against the vulnerability by
> >displaying the "You've found a Mailman bug" page. ;-)
>
> Change the true_path function as:
>
> def true_path(path):
>     "Ensure that the path is safe by removing .."
>     import re
>     path = re.sub('\.+/+', '', path)
>     return path[1:]
>
> and try.
Perfect. Thanks! And I've even learned a little bit more Python today. :-)
> Sorry but I have no 2.0.x around
Probably doesn't matter. The function is exactly the same as in 2.1.5.
> but only found a machine which has working Python 1.x installed.
Thanks for searching.
Kind regards, Axel Beckert
--
-------------------------------------------------------------
Axel Beckert ecos electronic communication services gmbh
it security solutions * web applications with apache and perl
Mail: Tulpenstrasse 5 D-55276 Dienheim near Mainz
E-Mail: beckert at ecos.de Voice: +49 6133 939-220
WWW: http://www.ecos.de/ Fax: +49 6133 939-333
-------------------------------------------------------------
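
The regex variant of `true_path` quoted in the message above, run over constructed request paths as an added example (not part of the original message and not Mailman's own code). `is_contained`, `check`, `BASE` and the sample paths are hypothetical; the containment check is added here because the pattern only matches dots that are followed by a slash.

```python
import os
import re

# Hypothetical archive root, used only for this example.
BASE = '/var/lib/archives/private'

def true_path(path):
    "Ensure that the path is safe by removing .. (regex variant from the message)"
    path = re.sub(r'\.+/+', '', path)
    return path[1:]

def is_contained(base, relative):
    """Resolve base/relative and require the result to stay at or below base."""
    base = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base, relative))
    return os.path.commonpath([base, target]) == base

def check(path_info, base=BASE):
    """Return (cleaned, has_dotdot_component, contained) for one request path."""
    cleaned = true_path(path_info)
    has_dotdot = '..' in cleaned.split('/')
    return cleaned, has_dotdot, is_contained(base, cleaned)

# Constructed sample inputs, not taken from any real log.
SAMPLES = [
    '/mylist/2005-February/000123.html',   # ordinary archive request
    '/mylist/../../../etc/passwd',         # plain parent references
    '/mylist/....//....//etc/passwd',      # repeated dots and slashes
    '/..',                                 # dots with no slash after them
]

def run_samples():
    """Apply check() to every sample and return the results in order."""
    return [check(s) for s in SAMPLES]

if __name__ == '__main__':
    for sample, result in zip(SAMPLES, run_samples()):
        print('%-36s -> %r' % (sample, result))
```

A request handler would refuse any path for which `has_dotdot_component` is true or `contained` is false, rather than relying on the filter alone.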