diff options
author | Mark Sapiro <mark@msapiro.net> | 2020-05-05 08:08:54 -0700 |
---|---|---|
committer | Mark Sapiro <mark@msapiro.net> | 2020-05-05 08:08:54 -0700 |
commit | bb493df55fe504a0dd4f743ad48837fd18eb9888 (patch) | |
tree | c8f770a913249f6d32435d173c31986076317389 | |
parent | 12155455f6afa9243c18077bdd064fceb428e56c (diff) | |
download | mailman2-bb493df55fe504a0dd4f743ad48837fd18eb9888.tar.gz mailman2-bb493df55fe504a0dd4f743ad48837fd18eb9888.tar.xz mailman2-bb493df55fe504a0dd4f743ad48837fd18eb9888.zip |
Fixed options login content injection vulnerability.
-rw-r--r-- | Mailman/Cgi/options.py | 2 | ||||
-rw-r--r-- | NEWS | 7 |
2 files changed, 7 insertions, 2 deletions
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py index 641ec134..ee2293e2 100644 --- a/Mailman/Cgi/options.py +++ b/Mailman/Cgi/options.py @@ -173,7 +173,7 @@ def main(): try: Utils.ValidateEmail(user) except Errors.EmailAddressError: - doc.addError(_('Illegal Email Address: %(safeuser)s')) + doc.addError(_('Illegal Email Address')) loginpage(mlist, doc, None, language) print doc.Format() return @@ -5,7 +5,12 @@ Copyright (C) 1998-2018 by the Free Software Foundation, Inc. Here is a history of user visible changes to Mailman. -2.1.30-1 (xx-xxx-xxxx) +2.1.31 (05-May-2020) + + Security + + - A content injection vulnerability via the options login page has been + discovered and reported by Vishal Singh. This is fixed. (LP: #1873722) i18n |