[mailman] - fix #631881 - CVE-2010-3089: Multiple security flaws leading to cross-site scripting (XSS) attacks

Jan Kaluža jkaluza at fedoraproject.org
Wed Sep 15 14:34:27 UTC 2010


commit fcc91ccf523bae9103deade891fd01d2afef019a
Author: Jan Kaluza <hanzz.k at gmail.com>
Date:   Wed Sep 15 16:34:03 2010 +0200

    - fix #631881 - CVE-2010-3089: Multiple security flaws leading
      to cross-site scripting (XSS) attacks

 mailman-2.1.12-xss.patch |   53 ++++++++++++++++++++++++++++++++++++++++++++++
 mailman.spec             |    8 ++++++-
 2 files changed, 60 insertions(+), 1 deletions(-)
---
diff --git a/mailman-2.1.12-xss.patch b/mailman-2.1.12-xss.patch
new file mode 100644
index 0000000..d55ec51
--- /dev/null
+++ b/mailman-2.1.12-xss.patch
@@ -0,0 +1,53 @@
+diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py
+index abbf570..27bd0db 100644
+--- a/Mailman/Cgi/listinfo.py
++++ b/Mailman/Cgi/listinfo.py
+@@ -93,7 +93,7 @@ def listinfo_overview(msg=''):
+             else:
+                 advertised.append((mlist.GetScriptURL('listinfo'),
+                                    mlist.real_name,
+-                                   mlist.description))
++                                   Utils.websafe(mlist.description)))
+     if msg:
+         greeting = FontAttr(msg, color="ff5060", size="+1")
+     else:
+diff --git a/Mailman/HTMLFormatter.py b/Mailman/HTMLFormatter.py
+index 3a21d96..dad51e7 100644
+--- a/Mailman/HTMLFormatter.py
++++ b/Mailman/HTMLFormatter.py
+@@ -1,4 +1,4 @@
+-# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
++# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
+ #
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of the GNU General Public License
+@@ -383,8 +383,9 @@ class HTMLFormatter:
+             '<mm-mailman-footer>' : self.GetMailmanFooter(),
+             '<mm-list-name>' : self.real_name,
+             '<mm-email-user>' : self._internal_name,
+-            '<mm-list-description>' : self.description,
+-            '<mm-list-info>' : BR.join(self.info.split(NL)),
++            '<mm-list-description>' : Utils.websafe(self.description),
++            '<mm-list-info>' : 
++                '<!---->' + BR.join(self.info.split(NL)) + '<!---->',
+             '<mm-form-end>'  : self.FormatFormEnd(),
+             '<mm-archive>'   : self.FormatArchiveAnchor(),
+             '</mm-archive>'  : '</a>',
+diff --git a/Mailman/Utils.py b/Mailman/Utils.py
+index 847d1a8..ca2a275 100644
+--- a/Mailman/Utils.py
++++ b/Mailman/Utils.py
+@@ -1,4 +1,4 @@
+-# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
++# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
+ #
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of the GNU General Public License
+@@ -908,6 +908,7 @@ _badwords = [
+     # Kludge to allow the specific tag that's in the options.html template.
+     '<link(?! rel="SHORTCUT ICON" href="<mm-favicon>">)',
+     '<meta',
++    '<object',
+     '<script',
+     r'(?:^|\W)j(?:ava)?script(?:\W|$)',
+     r'(?:^|\W)vbs(?:cript)?(?:\W|$)',
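Review bot: In the HTMLFormatter part of this patch the `<mm-list-info>` value is still substituted unescaped — the added `<!---->` wrappers are just HTML comment markers around it (presumably to let other code locate the info region) and neutralize nothing inside it — so protection of that field rests entirely on the `_badwords` deny-list that the Utils.py part extends with `<object`, and only if the admin save path for `info` actually runs that check, which is not visible here. A deny-list applied at save time is weaker than output encoding, and the entries visible in the hunk context do not cover `<embed`, `<iframe`, `<applet` or inline event-handler attributes such as `onerror=`; since only a slice of the list is shown, confirm those are rejected elsewhere or add them in the same style, e.g. `'<embed', '<iframe', '<applet', r'(?:^|\W)on\w+\s*='`. If `info` is deliberately allowed to carry admin-authored HTML, a comment on that dict entry would stop the next reader from "fixing" it: `# info is admin-authored HTML: filtered by Utils._badwords on save, intentionally not websafe()'d here`. The listinfo.py change assumes `Utils` is already imported in that module, which is outside the hunk, and the `'<mm-list-info>' : ` line carries trailing whitespace after the colon.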
diff --git a/mailman.spec b/mailman.spec
index 45fa831..2329064 100644
--- a/mailman.spec
+++ b/mailman.spec
@@ -1,7 +1,7 @@
 Summary: Mailing list manager with built in Web access
 Name: mailman
 Version: 2.1.13
-Release: 5%{?dist}
+Release: 6%{?dist}
 Epoch: 3
 Group: Applications/Internet
 Source0: ftp://ftp.gnu.org/pub/gnu/mailman/mailman-%{version}.tgz
@@ -37,6 +37,7 @@ Patch19: mailman-2.1.12-codage.patch
 # the service is now off by default
 Patch20: mailman-2.1.12-init-not-on.patch
 Patch21: mailman-2.1.13-env-python.patch
+Patch22: mailman-2.1.12-xss.patch
 
 License: GPLv2+
 URL: http://www.list.org/
@@ -132,6 +133,7 @@ additional installation steps, these are described in:
 #u%%patch19 -p1
 %patch20 -p1
 %patch21 -p1
+%patch22 -p1
 
 #cp $RPM_SOURCE_DIR/mailman.INSTALL.REDHAT.in INSTALL.REDHAT.in
 cp %{SOURCE5} INSTALL.REDHAT.in
@@ -512,6 +514,10 @@ exit 0
 %attr(2770,%{mmuser},%{cgigroup}) %{archivesdir}/private
 
 %changelog
+* Wed Sep 15 2010 Jan Kaluza <jkaluza at redhat.com> 3:2.1.13-6
+- fix #631881 - CVE-2010-3089: Multiple security flaws leading
+  to cross-site scripting (XSS) attacks
+
 * Wed Aug 11 2010 David Malcolm <dmalcolm at redhat.com> - 3:2.1.13-5
 - recompiling .py files against Python 2.7 (rhbz#623334)
 

