[Mailman-Developers] Fw: Re: [Mailman-Users] Digest Problems

Barry A. Warsaw barry@zope.com
Wed, 29 Aug 2001 14:37:20 -0400


>>>>> "RFK" == Ricardo F Kustner <ricardo@rixhq.nu> writes:

    RFK> I just saw this post on the mailman-users list...

Good, thanks for forwarding it!  I'm hopelessly behind on
mailman-users. ;/
    
    RFK> it seems that you can easily break mailman by improperly
    RFK> using '%' chars in the digest footer...

    RFK> has this issue been addressed before? will this still happen
    RFK> in 2.0.6 and 2.1a ? I can imagine that in large mailman
    RFK> installations, with many different lists and listadmins, this
    RFK> could cause problems...

Both are semi-vulnerable.  In the specific situation where you've got
something like "30-70%" in the footer, Mailman /should/ catch this and
simply append something like "[INVALID FOOTER]".  However, there are
other ways to break this with stray %'s.  Python may raise either a
ValueError or a TypeError in these situations, but both Mailman
versions are only catching ValueError.  E.g. put this in your footer:

    "Something %else entirely"

Blammo.  Uncaught TypeError.

-Barry
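
The failure mode described in the message above, as an added example that is not part of the original post and is not Mailman's own code: the function names and the substitution dict are hypothetical, and it is written for Python 3, where these footers raise the same exception types. It goes slightly beyond the message by also handling KeyError, which a "%(name)s" reference to a missing key raises.

```python
# Added illustration; function names and the substitution dict are hypothetical,
# not Mailman's actual code.
INVALID = "[INVALID FOOTER]"

# Constructed sample of the values a list footer might interpolate.
SUBST = {"real_name": "test-list", "host_name": "example.org"}


def render_catching_valueerror_only(footer, subst=SUBST):
    """Mirrors the behaviour described in the message: only ValueError is handled."""
    try:
        return footer % subst
    except ValueError:
        return footer + "\n" + INVALID


def render_defensively(footer, subst=SUBST):
    """Handle every exception %-interpolation of admin-supplied text can raise."""
    try:
        return footer % subst
    except (ValueError, TypeError, KeyError):
        # ValueError: incomplete or unknown format ("30-70%")
        # TypeError:  conversion that does not fit the mapping ("%else")
        # KeyError:   "%(name)s" with a key missing from the mapping
        return footer + "\n" + INVALID


def classify(footer, subst=SUBST):
    """Return the name of the exception raised by interpolation, or None."""
    try:
        footer % subst
    except Exception as exc:
        return type(exc).__name__
    return None


if __name__ == "__main__":
    samples = ("List: %(real_name)s", "30-70%",
               "Something %else entirely", "%(nope)s")
    for footer in samples:
        print(repr(footer), "->", classify(footer))
        print(render_defensively(footer))
```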