From mark at msapiro.net Mon Apr 13 13:30:23 2020
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 13 Apr 2020 17:30:23 -0000
Subject: [Bug 1859011] Re: bounce mail processed multiple times -> oom crash
of BounceRunner
References: <157857260765.27735.6900917651298046478.malonedeb@chaenomeles.canonical.com>
Message-ID: <158679902513.12525.2940741717340992612.launchpad@soybean.canonical.com>
** Changed in: mailman
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1859011
Title:
bounce mail processed multiple times -> oom crash of BounceRunner
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1859011/+subscriptions
From mark at msapiro.net Mon Apr 13 13:32:17 2020
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 13 Apr 2020 17:32:17 -0000
Subject: [Bug 1731604] Re: VERP fails if the recipient address local part is
quoted.
References: <151038163229.934.12641910175503585284.malonedeb@chaenomeles.canonical.com>
Message-ID: <158679913886.17478.6388917873262865595.launchpad@wampee.canonical.com>
** Changed in: mailman
Status: Triaged => Won't Fix
** Changed in: mailman
Milestone: 2.1.30 => None
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1731604
Title:
VERP fails if the recipient address local part is quoted.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1731604/+subscriptions
From 1872840 at bugs.launchpad.net Tue Apr 14 18:00:29 2020
From: 1872840 at bugs.launchpad.net (Tai Graham)
Date: Tue, 14 Apr 2020 22:00:29 -0000
Subject: [Bug 1872840] [NEW] (description)s variable not substituted in emails
Message-ID: <158690163006.5587.7422329554265290236.malonedeb@chaenomeles.canonical.com>
Public bug reported:
>From the "Welcome email txt file" in the option "Edit the public HTML
pages and text files",
This code parse incorrectly:
Welcome to the %(description)s mailing list!
%(welcome)s
It produces:
Welcome to the %(description)s mailing list!
Here is where the welcome variable got substituted but the description variable did not. Have fun.
The description variable is not being substituted in the email body.
** Affects: mailman
Importance: Undecided
Status: New
** Tags: description variable
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1872840
Title:
(description)s variable not substituted in emails
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1872840/+subscriptions
From mark at msapiro.net Tue Apr 14 19:56:53 2020
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 14 Apr 2020 23:56:53 -0000
Subject: [Bug 1872840] Re: (description)s variable not substituted in emails
References: <158690163006.5587.7422329554265290236.malonedeb@chaenomeles.canonical.com>
Message-ID: <158690861392.16696.11155945988840426941.malone@wampee.canonical.com>
You have edited this template and broken it. The default English
language subscribeack.txt (welcome message) template does not contain
Welcome to the %(description)s mailing list!
%(welcome)s
and the code that uses this template does not have a substitution for
'description'.
The corresponding text in the default template is
Welcome to the %(real_name)s@%(host_name)s mailing list!
%(welcome)s
** Changed in: mailman
Status: New => Invalid
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1872840
Title:
(description)s variable not substituted in emails
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1872840/+subscriptions
From jimpop at domainmail.org Tue Apr 14 20:11:12 2020
From: jimpop at domainmail.org (Jim Popovitch)
Date: Wed, 15 Apr 2020 00:11:12 -0000
Subject: [Bug 1872840] Re: (description)s variable not substituted in emails
References: <158690163006.5587.7422329554265290236.malonedeb@chaenomeles.canonical.com>
Message-ID: <158690947216.17633.8102562191445166526.malone@wampee.canonical.com>
What makes you believe that %(description)s is valid for the Welcome
email text? I only ask because this is what I see as the default first
two lines of Welcome email text:
Welcome to the %(real_name)s@%(host_name)s mailing list!
%(welcome)s
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1872840
Title:
(description)s variable not substituted in emails
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1872840/+subscriptions
From jimpop at domainmail.org Tue Apr 14 20:13:54 2020
From: jimpop at domainmail.org (Jim Popovitch)
Date: Wed, 15 Apr 2020 00:13:54 -0000
Subject: [Bug 1872840] Re: (description)s variable not substituted in emails
References: <158690163006.5587.7422329554265290236.malonedeb@chaenomeles.canonical.com>
Message-ID: <158690963506.11904.760376551287813516.malone@soybean.canonical.com>
(sigh) I'm use to gitlab where the msgs update in real time. My comment
above can be ignored.
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1872840
Title:
(description)s variable not substituted in emails
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1872840/+subscriptions
From 1872840 at bugs.launchpad.net Tue Apr 14 21:01:44 2020
From: 1872840 at bugs.launchpad.net (Tai Graham)
Date: Wed, 15 Apr 2020 01:01:44 -0000
Subject: [Bug 1872840] Re: (description)s variable not substituted in emails
References: <158690163006.5587.7422329554265290236.malonedeb@chaenomeles.canonical.com>
Message-ID: <158691250496.12345.11087676549693754974.malone@soybean.canonical.com>
The point of "Edit the public HTML pages and text files"
is to be able to edit what gets sent out to the user. It is not broken and editing it shouldn't break it.
I got the details from the manual:
https://wiki.list.org/DOC/Mailman%202.1%20List%20Administrators%20Manual
For example, a footer containing the following text:
This is the %(list_name)s mailing list
Description: %(description)s
might get attached to postings like so:
This is the Example mailing list
Description: An example of Mailman mailing lists
I tried all of the other variables in the manual and they work but
'description' does not.
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1872840
Title:
(description)s variable not substituted in emails
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1872840/+subscriptions
From mark at msapiro.net Tue Apr 14 21:35:40 2020
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 15 Apr 2020 01:35:40 -0000
Subject: [Bug 1872840] Re: (description)s variable not substituted in emails
References: <158690163006.5587.7422329554265290236.malonedeb@chaenomeles.canonical.com>
Message-ID: <158691454109.17478.2703214819769099094.malone@wampee.canonical.com>
Each template has it's own set of valid substitutions. Just because
'description' is a valid substitution in some context doesn't mean it
can be used in other contexts. In general, the only substitutions you
can rely on are those present in the default template.
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1872840
Title:
(description)s variable not substituted in emails
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1872840/+subscriptions
From mark at msapiro.net Tue Apr 14 21:57:35 2020
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 15 Apr 2020 01:57:35 -0000
Subject: [Bug 1872840] Re: (description)s variable not substituted in emails
References: <158690163006.5587.7422329554265290236.malonedeb@chaenomeles.canonical.com>
Message-ID: <158691585513.12345.7802742567609186858.malone@soybean.canonical.com>
Note, if you really want to be able to include the list's description as
a replacement in the welcome message template, you can apply this patch
to Mailman/Deliverer.py
=== modified file 'Mailman/Deliverer.py'
--- Mailman/Deliverer.py 2018-06-17 23:47:34 +0000
+++ Mailman/Deliverer.py 2020-04-15 01:53:20 +0000
@@ -61,6 +61,7 @@
'subscribeack.txt',
{'real_name' : self.real_name,
'host_name' : self.host_name,
+ 'description' : self.description,
'welcome' : welcome,
'umbrella' : umbrella,
'emailaddr' : self.GetListEmail(),
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1872840
Title:
(description)s variable not substituted in emails
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1872840/+subscriptions
From 1872840 at bugs.launchpad.net Tue Apr 14 23:13:42 2020
From: 1872840 at bugs.launchpad.net (Tai Graham)
Date: Wed, 15 Apr 2020 03:13:42 -0000
Subject: [Bug 1872840] Re: (description)s variable not substituted in emails
References: <158690163006.5587.7422329554265290236.malonedeb@chaenomeles.canonical.com>
Message-ID: <158692042252.17633.6822404141581412387.malone@wampee.canonical.com>
Oh my! My apologies. I see how they are not all just global. I'm
sorry.
Thanks for the patch. I love this software, have for decades. So
excited to use 3 when it becomes standard and easily migrated from 2 :-)
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1872840
Title:
(description)s variable not substituted in emails
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1872840/+subscriptions
From mark at msapiro.net Sun Apr 19 23:05:39 2020
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 20 Apr 2020 03:05:39 -0000
Subject: [Bug 1873722] [NEW] Arbitrary Content Injection via the options login
page.
Message-ID: <158735193949.12198.202513808412811113.malonedeb@soybean.canonical.com>
*** This bug is a security vulnerability ***
Private security bug reported:
An issue similar to CVE - https://www.cvedetails.com/cve/CVE-2018-13796/
exists at different endpoint & param. It can lead to a phishing attack.
Steps To Reproduce:
1. Copy and save the following HTML code and open it in any browser.
Code:
2. Can be seen there- "Your account has been hacked. Kindly go to
https://badsite.com or share your credentials at attacker at badsite.com"
message will be displayed on the screen.
** Affects: mailman
Importance: Medium
Assignee: Mark Sapiro (msapiro)
Status: Confirmed
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1873722
Title:
Arbitrary Content Injection via the options login page.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1873722/+subscriptions
From mark at msapiro.net Sun Apr 19 23:13:21 2020
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 20 Apr 2020 03:13:21 -0000
Subject: [Bug 1873722] Re: Arbitrary Content Injection via the options login
page.
References: <158735193949.12198.202513808412811113.malonedeb@soybean.canonical.com>
Message-ID: <158735240134.17383.15463259968699378339.malone@wampee.canonical.com>
** Patch added: "Patch to fix this issue"
https://bugs.launchpad.net/mailman/+bug/1873722/+attachment/5356970/+files/options.diff
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1873722
Title:
Arbitrary Content Injection via the options login page.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1873722/+subscriptions