[Mailman-Developers] Fix for cross-site scripting bug in Mailman 2.1.0
Barry A. Warsaw
barry at python.org
Mon Jan 27 08:25:20 EST 2003
>>>>> "TK" == Tokio Kikuchi <tkikuchi at is.kochi-u.ac.jp> writes:
TK> I forgot to realize the language part of the bugtraq report!
TK> There is also a language=<...> bug in listinfo.py, roster.py
TK> and subscribe.py. Is this a bug in the error reporting function
TK> of python cgilib? Better to correct the library I suppose.
TK> Sorry but I have no time to generate a patch now.
That's ok. I think the language bug isn't an xss bug (there's no
%(language)s in the code), but it will crash if a false language is
given deliberately.
I will fix these for 2.1.1.
-Barry
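
The distinction drawn in the reply above (a request value that is never written into the page cannot be reflected, but can still crash the script when used as a lookup key), as an added example that is not part of the original message and is not Mailman's code. The template table, function names and probe value are constructed assumptions.

```python
import html

# Constructed stand-ins; Mailman's real language table and templates are not on the page.
TEMPLATES = {"en": "About %(listname)s", "ja": "%(listname)s について"}
DEFAULT_LANGUAGE = "en"


def render_unchecked(form, listname):
    """Uses the request's language as a lookup key with no validation."""
    lang = form.get("language", DEFAULT_LANGUAGE)
    # No %(language)s placeholder: the value is never written into the page.
    return TEMPLATES[lang] % {"listname": html.escape(listname)}


def render_checked(form, listname):
    """Accepts only known languages; anything else falls back to the default."""
    lang = form.get("language", DEFAULT_LANGUAGE)
    if lang not in TEMPLATES:
        lang = DEFAULT_LANGUAGE
    return TEMPLATES[lang] % {"listname": html.escape(listname)}


def classify(render, form, listname="test-list"):
    """Return 'crash', 'reflected' or 'ok' for one request."""
    try:
        page = render(form, listname)
    except KeyError:
        return "crash"  # unknown language reached the table lookup
    raw = form.get("language", "")
    if raw and any(c in raw for c in "<>\"'&") and raw in page:
        return "reflected"  # markup from the request appears unescaped
    return "ok"


if __name__ == "__main__":
    bogus = {"language": "<b>zz</b>"}  # constructed probe value
    for render in (render_unchecked, render_checked):
        print(render.__name__, classify(render, bogus),
              classify(render, {"language": "ja"}))
```
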