FreeBSD Bugzilla – Attachment 157322 Details for
Bug 200562
[patch] japanese/mailman: seems to be affected by CVE-2015-2775 also
patch to fix CVE-2015-2775
patch-CVE-2015-2775-Mailman-Utils.py (text/plain), 669 bytes, created by Yasuhito FUTATSUKI on 2015-06-01 05:57:01 UTC
>--- Mailman/Utils.py.orig 2011-12-11 16:56:23.000000000 +0900 >+++ Mailman/Utils.py 2015-06-01 13:25:26.000000000 +0900 >@@ -93,6 +93,12 @@ > # > # The former two are for 2.1alpha3 and beyond, while the latter two are > # for all earlier versions. >+ # >+ # But first ensure the list name doesn't contain a path traversal >+ # attack. >+ if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', listname)) > 0: >+ syslog('mischief', 'Hostile listname: %s', listname) >+ return False > basepath = Site.get_listpath(listname) > for ext in ('.pck', '.pck.last', '.db', '.db.last'): > dbfile = os.path.join(basepath, 'config' + ext)
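Review bot: The added syslog('mischief', 'Hostile listname: %s', listname) call writes the rejected, attacker-supplied name into the log verbatim, so a name containing newlines or control characters could forge or split entries in the very log that is meant to record the attempt; formatting it with %r (or otherwise escaping it) would keep each event on one unambiguous line. Separately, the new check relies on re, syslog and mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, and this patch touches only Mailman/Utils.py without adding imports or a default for that setting, so it is worth confirming that all three already exist in the japanese/mailman source this applies to (the .orig file is dated 2011-12-11); otherwise the check would raise an exception instead of returning False. The check is also only as strict as the configured pattern, so a note in the port that the setting must not admit path separators would help sites that override it.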