[mailman/f13/master] - fix #631881 - CVE-2010-3089: Multiple security flaws leading to cross-site scripting (XSS) attac
Jan Kaluža
jkaluza at fedoraproject.org
Wed Sep 15 14:41:33 UTC 2010
commit d7575371f903567302b3c794ef3db923619c42e0
Author: Jan Kaluza <hanzz.k at gmail.com>
Date: Wed Sep 15 16:41:09 2010 +0200
- fix #631881 - CVE-2010-3089: Multiple security flaws leading
to cross-site scripting (XSS) attacks
mailman-2.1.12-xss.patch | 53 ++++++++++++++++++++++++++++++++++++++++++++++
mailman.spec | 8 ++++++-
2 files changed, 60 insertions(+), 1 deletions(-)
---
diff --git a/mailman-2.1.12-xss.patch b/mailman-2.1.12-xss.patch
new file mode 100644
index 0000000..d55ec51
--- /dev/null
+++ b/mailman-2.1.12-xss.patch
@@ -0,0 +1,53 @@
+diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py
+index abbf570..27bd0db 100644
+--- a/Mailman/Cgi/listinfo.py
++++ b/Mailman/Cgi/listinfo.py
+@@ -93,7 +93,7 @@ def listinfo_overview(msg=''):
+ else:
+ advertised.append((mlist.GetScriptURL('listinfo'),
+ mlist.real_name,
+- mlist.description))
++ Utils.websafe(mlist.description)))
+ if msg:
+ greeting = FontAttr(msg, color="ff5060", size="+1")
+ else:
+diff --git a/Mailman/HTMLFormatter.py b/Mailman/HTMLFormatter.py
+index 3a21d96..dad51e7 100644
+--- a/Mailman/HTMLFormatter.py
++++ b/Mailman/HTMLFormatter.py
+@@ -1,4 +1,4 @@
+-# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
++# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
+ #
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of the GNU General Public License
+@@ -383,8 +383,9 @@ class HTMLFormatter:
+ '<mm-mailman-footer>' : self.GetMailmanFooter(),
+ '<mm-list-name>' : self.real_name,
+ '<mm-email-user>' : self._internal_name,
+- '<mm-list-description>' : self.description,
+- '<mm-list-info>' : BR.join(self.info.split(NL)),
++ '<mm-list-description>' : Utils.websafe(self.description),
++ '<mm-list-info>' :
++ '<!---->' + BR.join(self.info.split(NL)) + '<!---->',
+ '<mm-form-end>' : self.FormatFormEnd(),
+ '<mm-archive>' : self.FormatArchiveAnchor(),
+ '</mm-archive>' : '</a>',
+diff --git a/Mailman/Utils.py b/Mailman/Utils.py
+index 847d1a8..ca2a275 100644
+--- a/Mailman/Utils.py
++++ b/Mailman/Utils.py
+@@ -1,4 +1,4 @@
+-# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
++# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
+ #
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of the GNU General Public License
+@@ -908,6 +908,7 @@ _badwords = [
+ # Kludge to allow the specific tag that's in the options.html template.
+ '<link(?! rel="SHORTCUT ICON" href="<mm-favicon>">)',
+ '<meta',
++ '<object',
+ '<script',
+ r'(?:^|\W)j(?:ava)?script(?:\W|$)',
+ r'(?:^|\W)vbs(?:cript)?(?:\W|$)',
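Review bot: `'<mm-list-info>'` is the one substitution in the HTMLFormatter hunk that is not passed through `Utils.websafe`, and the `'<!---->'` markers wrapped around it carry no explanation of what they protect against, so a later maintainer may either "fix" it by escaping (breaking owner-authored HTML in `info`) or drop the markers as noise. A comment on those two lines would settle it, e.g. `# info is owner-supplied HTML and is deliberately not websafe()'d; presumably it is screened against _badwords when saved - the empty comments delimit it in the rendered page`. The listinfo.py hunk escapes `mlist.description` only on the `else` branch; the `if` branch and the rest of `listinfo_overview` lie outside the hunk, so it is worth confirming that every other place the description is rendered gets the same `Utils.websafe` treatment. The two copyright-year hunks are cosmetic.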
diff --git a/mailman.spec b/mailman.spec
index 02ba49f..c4d99f0 100644
--- a/mailman.spec
+++ b/mailman.spec
@@ -1,7 +1,7 @@
Summary: Mailing list manager with built in Web access
Name: mailman
Version: 2.1.12
-Release: 15%{?dist}
+Release: 16%{?dist}
Epoch: 3
Group: Applications/Internet
Source0: ftp://ftp.gnu.org/pub/gnu/mailman/mailman-%{version}.tgz
@@ -36,6 +36,7 @@ Patch18: mailman-2.1.12-initcleanup.patch
Patch19: mailman-2.1.12-codage.patch
# the service is now off by default
Patch20: mailman-2.1.12-init-not-on.patch
+Patch21: mailman-2.1.12-xss.patch
License: GPLv2+
URL: http://www.list.org/
@@ -129,6 +130,7 @@ additional installation steps, these are described in:
%patch18 -p1 -b .initcleanup
%patch19 -p1
%patch20 -p1
+%patch21 -p1
#cp $RPM_SOURCE_DIR/mailman.INSTALL.REDHAT.in INSTALL.REDHAT.in
cp %{SOURCE5} INSTALL.REDHAT.in
@@ -507,6 +509,10 @@ exit 0
%attr(0755,root,root) %{_bindir}/mailman-update-cfg
%changelog
+* Wed Sep 15 2010 Jan Kaluza <jkaluza at redhat.com> 3:2.1.12-16
+- fix #631881 - CVE-2010-3089: Multiple security flaws leading
+ to cross-site scripting (XSS) attacks
+
* Tue Apr 20 2010 Daniel Novotny <dnovotny at redhat.com> 3:2.1.12-15
- fix #583966 - mailman-update-cfg script should use %%{mmdir}, not %%{_libdir}