[Mailman-Developers] [Mailman-Users] any info onthisreportedexploit?
Barry Warsaw
barry at python.org
Fri Feb 3 05:27:59 CET 2006
On Tue, 2006-01-31 at 19:26 -0800, Mark Sapiro wrote:
> I seem to be having a lot of trouble with this. Make that
>
> if t and not t[7]:
> t = t[:7] + (1,) +t[8:]
If you look at email 3.0, the 7th item returned from parsedate() and
parsedate_tz() is always 1, obviously so that the value is acceptable to
time.mktime() and time.strftime(), or None of course.
I think the right thing to do is to fix email 2.5 to behave the same
way. This is safe because that time is documented as not being
meaningful, so we might as well make it safe <wink>.
I'd rather do that than apply the current SF patch to Mailman. One
thing I don't like about the patch is that it calls time.strftime() to
try to catch errors and return None. I don't think that's necessary if
we change the email package as described above.
So let's fix and release an email 2.5.7 for Mailman 2.1.8. Even though
there are more things I'd like to fix in the email 2.5 package, I'd
rather get this out in time to integrate in Mailman 2.1.8. I can do
that pretty quickly.
Thoughts?
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.python.org/pipermail/mailman-developers/attachments/20060202/fe028daa/attachment.pgp
More information about the Mailman-Developers
mailing list