SECURITY: Unsafe display of held messages
Bug #265579 reported by Lindahl
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| GNU Mailman | Fix Released | Critical | Unassigned | |
Bug Description
In 2.0.6, I have noticed that some spam message contents cause the /TEXTAREA tag to not get interpreted, which means that the next bit of HTML appears in the TEXTAREA, up until the next /TEXTAREA tag, which is after the header of the succeeding message. This makes me fear that javascript might get executed, or other bad things.

If you like I can provide an example message that triggers this. I have old lists that get lots of spam.
[http://
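The behaviour the report describes (a message body that carries its own closing tag, so the markup that follows it is rendered outside the text box) and the effect of escaping the body before it goes into the TEXTAREA, as an added Python example. This is not Mailman's code: the two render functions, the constructed sample body and the check helpers are assumptions, and Python 3's html.escape stands in for the Python 2 cgi.escape used in the patch (with quote=False it converts the same three characters, &, < and >).

```python
import html

# Constructed sample, not a real held message: the body carries its own
# closing tag, which is the behaviour the bug report describes.
SAMPLE_BODY = "Cheap offers!\n</TEXTAREA><b>outside the box</b>"


def render_excerpt_unsafe(body: str, msg_id: int) -> str:
    """Render the 'Message Excerpt' box the way the report describes:
    the message body is dropped into the TEXTAREA without escaping."""
    return ('<textarea name="fulltext-%d" rows="10" cols="80">%s</textarea>'
            % (msg_id, body))


def render_excerpt_safe(body: str, msg_id: int) -> str:
    """Same box, with the body escaped first. html.escape(..., quote=False)
    converts exactly what cgi.escape(text) converted in Python 2 (&, < and >),
    so a '<' in the body can never start a tag. The name attribute only ever
    receives an integer here; a user-controlled attribute value would need
    quote=True as well."""
    return ('<textarea name="fulltext-%d" rows="10" cols="80">%s</textarea>'
            % (msg_id, html.escape(body, quote=False)))


def textarea_is_intact(rendered: str) -> bool:
    """Defender-side check: one rendered excerpt must contain exactly one
    closing textarea tag. A second one means the body broke out and whatever
    followed it is live HTML on the admin page."""
    return rendered.lower().count("</textarea") == 1


def markup_after_breakout(rendered: str) -> str:
    """Return the markup that escaped the text box (empty when none did):
    everything between the first, premature close tag and the real one."""
    lowered = rendered.lower()
    first = lowered.find("</textarea")
    last = lowered.rfind("</textarea")
    if first == last:
        return ""
    end_of_first = lowered.find(">", first) + 1
    return rendered[end_of_first:last]


if __name__ == "__main__":
    for render in (render_excerpt_unsafe, render_excerpt_safe):
        out = render(SAMPLE_BODY, 42)
        print(render.__name__, "intact:", textarea_is_intact(out))
        print("  markup outside the box:", repr(markup_after_breakout(out)))
```

Run as a script, the unsafe renderer reports the box as broken with `<b>outside the box</b>` leaked past it, while the escaped renderer keeps the whole body inside the box. The `textarea_is_intact` check is the kind of assertion worth keeping in a regression test for any page that echoes held mail into a form field.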
This diff seems to cure the problem, although I'm not a Python guy so I don't know if it's the Right Thing To Do:
[mailman@nixon Cgi]$ diff -c admindb.py? admindb.py Index() , t.GetCurrentCel lIndex( ) AddCellInfo( row, col-1, align='right') AddRow( [Bold(' Message Excerpt:'), 'fulltext- %d' % id, text, rows=10, AddCellInfo( row+1, col-1, align='right') AddItem( t) AddItem( '<p>') Index() , t.GetCurrentCel lIndex( ) AddCellInfo( row, col-1, align='right') AddRow( [Bold(' Message Excerpt:'), 'fulltext- %d' % id, AddCellInfo( row+1, col-1, align='right') AddItem( t) AddItem( '<p>')
*** admindb.py~ Thu Nov 8 22:15:29 2001
--- admindb.py Thu Nov 29 10:51:56 2001
***************
*** 268,274 ****
row, col = t.GetCurrentRow
t.
t.
! TextArea(
cols=80)])
t.
form.
form.
--- 268,274 ----
row, col = t.GetCurrentRow
t.
t.
! TextArea(
cgi.escape(text), rows=10, cols=80)])
t.
form.
form.
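Review bot: the changed line calls cgi.escape(text) but the hunk shows no import of the cgi module; confirm that admindb.py already does `import cgi`, otherwise displaying a held message will fail with a NameError instead of rendering the form. On the substance, cgi.escape with its default arguments converts only &, < and >, and that is exactly what this context needs: once every < in the message body becomes &lt;, the body can no longer supply its own /TEXTAREA close tag, so the markup that follows the box (the next message's header) stays outside it. The other values in the same row, Bold(' Message Excerpt:'), 'fulltext-%d' % id and the rows=10, cols=80 attributes, are fixed strings and integers, so they need no escaping.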