[mailman/f12/master] - fix #631881 - CVE-2010-3089: Multiple security flaws leading to cross-site scripting (XSS) attac

Jan Kaluža jkaluza at fedoraproject.org
Wed Sep 15 13:43:45 UTC 2010


commit f8e22fefc934453bcfa3399077f66ed94bfbe418
Author: Jan Kaluza <hanzz.k at gmail.com>
Date:   Wed Sep 15 15:43:21 2010 +0200

    - fix #631881 - CVE-2010-3089: Multiple security flaws leading
      to cross-site scripting (XSS) attacks

 mailman-2.1.12-xss.patch |   53 ++++++++++++++++++++++++++++++++++++++++++++++
 mailman.spec             |    8 ++++++-
 2 files changed, 60 insertions(+), 1 deletions(-)
---
diff --git a/mailman-2.1.12-xss.patch b/mailman-2.1.12-xss.patch
new file mode 100644
index 0000000..d55ec51
--- /dev/null
+++ b/mailman-2.1.12-xss.patch
@@ -0,0 +1,53 @@
+diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py
+index abbf570..27bd0db 100644
+--- a/Mailman/Cgi/listinfo.py
++++ b/Mailman/Cgi/listinfo.py
+@@ -93,7 +93,7 @@ def listinfo_overview(msg=''):
+             else:
+                 advertised.append((mlist.GetScriptURL('listinfo'),
+                                    mlist.real_name,
+-                                   mlist.description))
++                                   Utils.websafe(mlist.description)))
+     if msg:
+         greeting = FontAttr(msg, color="ff5060", size="+1")
+     else:
+diff --git a/Mailman/HTMLFormatter.py b/Mailman/HTMLFormatter.py
+index 3a21d96..dad51e7 100644
+--- a/Mailman/HTMLFormatter.py
++++ b/Mailman/HTMLFormatter.py
+@@ -1,4 +1,4 @@
+-# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
++# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
+ #
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of the GNU General Public License
+@@ -383,8 +383,9 @@ class HTMLFormatter:
+             '<mm-mailman-footer>' : self.GetMailmanFooter(),
+             '<mm-list-name>' : self.real_name,
+             '<mm-email-user>' : self._internal_name,
+-            '<mm-list-description>' : self.description,
+-            '<mm-list-info>' : BR.join(self.info.split(NL)),
++            '<mm-list-description>' : Utils.websafe(self.description),
++            '<mm-list-info>' : 
++                '<!---->' + BR.join(self.info.split(NL)) + '<!---->',
+             '<mm-form-end>'  : self.FormatFormEnd(),
+             '<mm-archive>'   : self.FormatArchiveAnchor(),
+             '</mm-archive>'  : '</a>',
+diff --git a/Mailman/Utils.py b/Mailman/Utils.py
+index 847d1a8..ca2a275 100644
+--- a/Mailman/Utils.py
++++ b/Mailman/Utils.py
+@@ -1,4 +1,4 @@
+-# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
++# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
+ #
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of the GNU General Public License
+@@ -908,6 +908,7 @@ _badwords = [
+     # Kludge to allow the specific tag that's in the options.html template.
+     '<link(?! rel="SHORTCUT ICON" href="<mm-favicon>">)',
+     '<meta',
++    '<object',
+     '<script',
+     r'(?:^|\W)j(?:ava)?script(?:\W|$)',
+     r'(?:^|\W)vbs(?:cript)?(?:\W|$)',
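Review bot: The `<mm-list-info>` substitution in the HTMLFormatter hunk is fenced with `<!---->` markers rather than escaped, so the list info is still inserted as raw HTML while `<mm-list-description>` beside it now goes through `Utils.websafe`; that asymmetry is presumably deliberate (info is admin-authored HTML), but it deserves a comment such as `# info is admin-supplied HTML; the empty comments keep an unterminated <!-- in it from swallowing the rest of the page — description is plain text and is escaped`. The `<object` entry added to `_badwords` extends a denylist that is incomplete by construction, and only part of the list is visible here; an allowlist of permitted tags, or at least a comment recording what the list is meant to reject, would make the check auditable. Both `Utils.websafe` calls rely on `Utils` already being imported in listinfo.py and HTMLFormatter.py, which the hunk does not show. The `'<mm-list-info>' :` line carries trailing whitespace after the colon.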
diff --git a/mailman.spec b/mailman.spec
index fc6c3d1..2d99009 100644
--- a/mailman.spec
+++ b/mailman.spec
@@ -1,7 +1,7 @@
 Summary: Mailing list manager with built in Web access
 Name: mailman
 Version: 2.1.12
-Release: 9%{?dist}
+Release: 10%{?dist}
 Epoch: 3
 Group: Applications/Internet
 Source0: ftp://ftp.gnu.org/pub/gnu/mailman/mailman-%{version}.tgz
@@ -32,6 +32,7 @@ Patch15: mailman-2.1.12-lctype.patch
 #Patch15: mailman-2.1.11-footer.patch
 Patch16: mailman-2.1.12-privurl.patch
 Patch17: mailman-2.1.12-mmcfg.patch
+Patch18: mailman-2.1.12-xss.patch
 
 License: GPLv2+
 URL: http://www.list.org/
@@ -118,6 +119,7 @@ additional installation steps, these are described in:
 #%%patch15 -p1 -b .footer
 %patch16 -p1 -b .privurl
 %patch17 -p1 -b .mmcfg
+%patch18 -p1
 
 #cp $RPM_SOURCE_DIR/mailman.INSTALL.REDHAT.in INSTALL.REDHAT.in
 cp %{SOURCE5} INSTALL.REDHAT.in
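Review bot: `%patch18 -p1` omits the `-b` backup suffix that every neighbouring patch line uses (`%patch16 -p1 -b .privurl`, `%patch17 -p1 -b .mmcfg`), so the pre-patch copies of the patched Mailman files are not kept; for consistency and easier diffing of the applied fix use `%patch18 -p1 -b .xss`.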
@@ -485,6 +487,10 @@ exit 0
 %attr(0755,root,root) %{_bindir}/mailman-update-cfg
 
 %changelog
+* Wed Sep 15 2010 Jan Kaluza <jkaluza at redhat.com> 3:2.1.12-10
+- fix #631881 - CVE-2010-3089: Multiple security flaws leading
+  to cross-site scripting (XSS) attacks
+
 * Tue Jul 28 2009 Daniel Novotny <dnovotny at redhat.com> 3:2.1.12-9
 - regenerated patches so patch fuzz 3 is not needed (bz#513207)
 - mm_cfg.pyc and .pyo are now %%verify(not md5 size mtime) (bz#512794)

