diff options
author | Mark Sapiro <mark@msapiro.net> | 2021-11-03 12:02:21 -0700 |
---|---|---|
committer | Mark Sapiro <mark@msapiro.net> | 2021-11-03 12:02:21 -0700 |
commit | e17a9218ddd5b614c2a02743cedc9652974af7af (patch) | |
tree | 5986ad88c29d21e91af700a6f12c67c3cd42b4e2 | |
parent | 488bc552f048eb03f510791eac87cc717370ab59 (diff) | |
download | mailman2-e17a9218ddd5b614c2a02743cedc9652974af7af.tar.gz mailman2-e17a9218ddd5b614c2a02743cedc9652974af7af.tar.xz mailman2-e17a9218ddd5b614c2a02743cedc9652974af7af.zip |
Fix a potentail XSS attack via the user options page.
-rw-r--r-- | Mailman/Cgi/options.py | 2 | ||||
-rw-r--r-- | NEWS | 12 |
2 files changed, 14 insertions, 0 deletions
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py index 60b7d9b6..3db0a172 100644 --- a/Mailman/Cgi/options.py +++ b/Mailman/Cgi/options.py @@ -346,6 +346,8 @@ def main(): varhelp = qs[0] if varhelp: # Sanitize the topic name. + while '%' in varhelp: + varhelp = urllib.unquote_plus(varhelp) varhelp = re.sub('<.*', '', varhelp) topic_details(mlist, doc, user, cpuser, userlang, varhelp) return @@ -5,6 +5,18 @@ Copyright (C) 1998-2020 by the Free Software Foundation, Inc. Here is a history of user visible changes to Mailman. +2.1.36 (xx-Nov-2021) + + Security + + - A potential XSS attack via the user options page has been reported by + Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP:#1949401) + + - A potential for for a list moderator to carry out an off-line brute force + attack to obtain the list admin password has been reported by Andre + Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. + CVE-2021-43332 (LP:#1949403) + 2.1.35 (19-Oct-2021) Security |