Package: smartlist Version: 3.15-21 Severity: important Tags: upstream patch
This bug has been reported as #579376 to lists.debian.org This bug makes it possible to subscribe third party mailaddresses to mailinglists under some circumstances, so i'm flagging it as important. This is caused that the sed-regexp don't work with domains having a trailing number which leaves the $address variable empty and subscribe later parses another address from the confirmation mail and simply subscribes it. IMHO a real fix shouldn't do that, instead it should stop if it can't figure out the mailaddress from the Cookie-Directory. I now produced and applied a small workaround for lists.d.o: ---------------------------------------------------------------- --- /home/cvs/lists-debian-org/.bin/subscribe 2009/01/29 09:41:36 1.7 +++ /home/cvs/lists-debian-org/.bin/subscribe 2010/05/07 20:07:31 1.8 @@ -1,4 +1,4 @@ -#! /bin/sh +#!/bin/sh : # Copyright (c) 1993-1996, S.R. van den Berg, The Netherlands #$Id: subscribe,v 1.36 1996/12/21 03:28:11 srb Exp $ @@ -41,13 +41,13 @@ $sed -n -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/' \ -e '/^[ ]*[^ a-z]/ q' \ -e 's/^...@]*add[ ]*'\ -'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z][^ ]*\).*/\1/p' \ +'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z0-9][^ ]*\).*/\1/p' \ -e 's/^...@]*address[ ]*'\ -'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z][^ ]*\).*/\1/p' \ +'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z0-9][^ ]*\).*/\1/p' \ -e 's/^...@]*sub[ ]*'\ -'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z][^ ]*\).*/\1/p' \ +'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z0-9][^ ]*\).*/\1/p' \ -e 's/^...@]*subscribe[ ]*'\ -'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z][^ ]*\).*/\1/p'` +'[^ ]*[ ]\([^ ]*[-a-z0-9...@!][a-z0-9][^ ]*\).*/\1/p'` fromaddr=`$cat $tmpfrom` ---------------------------------------------------------------- (you get the idea, however, the spaces are wrong) Cord -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages smartlist depends on: ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib ii procmail 3.22-19 Versatile e-mail processor ii sendmail-bin [mail-transport- 8.14.3-9.1 powerful, efficient, and scalable Versions of packages smartlist recommends: ii base-passwd 3.5.22 Debian base system master password smartlist suggests no packages. -- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
