aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormsapiro <>2005-12-12 01:06:02 +0000
committermsapiro <>2005-12-12 01:06:02 +0000
commit5fa7ac242892ad3ddf4762a7e1b544022d8e61c8 (patch)
treee000ab42d75254fc6e12b6809e9efdac41d9d32b
parentef20cb24868f054be1965965a404a053f3b00cf9 (diff)
downloadmailman2-5fa7ac242892ad3ddf4762a7e1b544022d8e61c8.tar.gz
mailman2-5fa7ac242892ad3ddf4762a7e1b544022d8e61c8.tar.xz
mailman2-5fa7ac242892ad3ddf4762a7e1b544022d8e61c8.zip
Fixes for bug 1080943.
Add error response for ./ and ../ in URL
-rw-r--r--NEWS5
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index b541bc63..1e988d7f 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,9 @@ Here is a history of user visible changes to Mailman.
Security
+ - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
+ message instead of just quietly dropping ./ and ../ from URLs.
+
- A note on CVE-2005-3573: Although the RFC2231 bug example in the
CVE has been solved in mailman-2.1.6, there may be more cases
where ToDigest.send_digests() can block regular delivery.
@@ -42,6 +45,8 @@ Here is a history of user visible changes to Mailman.
Bug fixes and other patches
+ - Fix private.py to go to the original URL after authorization (1080943).
+
- Fix bounce log score messages to be more consistent.
- Fix bin/remove_members to accept no arguments when both --fromall and