[Mailman-Users] Re: [Mailman-Announce] Critical security update for Mailman 2.1.5 and earlier
Tokio Kikuchi
tkikuchi at is.kochi-u.ac.jp
Fri Feb 11 02:06:55 CET 2005
Hi,
> As I noticed, 2.0.x versions (at least 2.0.13) are vulnerable,
> too. (As the subject of the announcement also suggested.)
>
> Which unfortunately only works with Python 2.
>
> Python 1 (respective at least 1.5.2) complains about syntax
> errors. (Which, in fact, also helps against the vulnerability by
> displaying the "You've found a Mailman bug" page. ;-)
Change the true_path function as:
def true_path(path):
    "Ensure that the path is safe by removing .."
    import re
    path = re.sub('\.+/+', '', path)
    return path[1:]
and try. Sorry but I have no 2.0.x around but only found a machine which
has working Python 1.x installed.
--
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
http://weather.is.kochi-u.ac.jp/
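
Added example, not part of the original message and not Mailman's own code: the replacement true_path from the message run over constructed request paths, next to a containment check in a hypothetical caller. BASE, resolve_under, is_rejected and every sample path are assumptions made for illustration.

```python
import os
import re

# Constructed base directory; it does not need to exist for this check.
BASE = "/var/lib/example/private"


def true_path(path):
    """The replacement from the message, written with a raw-string pattern
    so it also runs on current Python without an escape warning."""
    path = re.sub(r'\.+/+', '', path)
    return path[1:]


def resolve_under(base, requested):
    """Hypothetical caller: join the sanitised path under base, then confirm
    the resolved result is still inside base before using it."""
    base = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base, true_path(requested)))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("resolved path is outside the base directory")
    return candidate


def is_rejected(base, requested):
    """True when resolve_under refuses the request."""
    try:
        resolve_under(base, requested)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    samples = [                               # constructed inputs
        "/mylist/2005-February/000123.html",  # ordinary request, unchanged
        "/mylist/../../../etc/passwd",        # every dots-then-slash run removed
        "/mylist/....//x.html",               # longer runs of dots and slashes
        "/mylist./x",                         # side effect: a name ending in "." is altered
        "/mylist/..",                         # dots with no slash after them pass through
        "/..",                                # same case at the top: containment check decides
    ]
    for s in samples:
        verdict = "rejected" if is_rejected(BASE, s) else "accepted"
        print("%-36r -> %-34r %s" % (s, true_path(s), verdict))
```

The pattern only removes dots that are followed by a slash, so the final check on the resolved path is what decides the last two samples.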