[Mailman-Developers] [Mailman-Users] any info on this reported exploit?
Tokio Kikuchi
tkikuchi at is.kochi-u.ac.jp
Tue Jan 31 05:12:09 CET 2006
Mark Sapiro wrote:
> Tokio Kikuchi wrote:
>
>>We may have to patch against this email package parsedate bug.
>>I've just uploaded a patch on SF tracker. Please someone review this
>>before I commit in the CVS (this weekend, maybe).
>
>
> I have looked at the patch in the tracker.
>
> Caveat: I haven't tested anything - this is just based on my reading.
>
> I think the patch is good. The issue I see is that Scrubber.py may not
> currently be doing the right thing if parsedate() returns None.
>
> Consider the attached patch for Scrubber.py in addition to the patch in
> the tracker.
Well, the logic may be unclear but calculate_attachment_dir() tries
again to guess the real date of message arrival because it may be called
from bin/arch. I think the code should be cleaned up but since we are
now dealing with the email parsedate bug and it should be safe to limit
our patch to this purpose.
--
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
http://weather.is.kochi-u.ac.jp/
More information about the Mailman-Developers
mailing list