------------------------------------------------------------
revno: 1875
fixes bug: https://launchpad.net/bugs/1949401
committer: Mark Sapiro <[email protected]>
branch nick: 2.1
timestamp: Wed 2021-11-03 12:02:21 -0700
message:
Fix a potentail XSS attack via the user options page.
modified:
Mailman/Cgi/options.py
NEWS
--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1
Your team Mailman Checkins is subscribed to branch lp:mailman/2.1.
To unsubscribe from this branch go to
https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription
=== modified file 'Mailman/Cgi/options.py'
--- Mailman/Cgi/options.py 2021-10-18 23:56:42 +0000
+++ Mailman/Cgi/options.py 2021-11-03 19:02:21 +0000
@@ -346,6 +346,8 @@
varhelp = qs[0]
if varhelp:
# Sanitize the topic name.
+ while '%' in varhelp:
+ varhelp = urllib.unquote_plus(varhelp)
varhelp = re.sub('<.*', '', varhelp)
topic_details(mlist, doc, user, cpuser, userlang, varhelp)
return
=== modified file 'NEWS'
--- NEWS 2021-10-18 23:56:42 +0000
+++ NEWS 2021-11-03 19:02:21 +0000
@@ -5,6 +5,18 @@
Here is a history of user visible changes to Mailman.
+2.1.36 (xx-Nov-2021)
+
+ Security
+
+ - A potential XSS attack via the user options page has been reported by
+ Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP:#1949401)
+
+ - A potential for for a list moderator to carry out an off-line brute force
+ attack to obtain the list admin password has been reported by Andre
+ Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
+ CVE-2021-43332 (LP:#1949403)
+
2.1.35 (19-Oct-2021)
Security
_______________________________________________
Mailman-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-checkins.python.org/
Member address: [email protected]
