An XSS vulnerability, CVE-2011-0707, has been fixed.

2 files changed, 7 insertions, 3 deletions

diff --git a/Mailman/Cgi/confirm.py b/Mailman/Cgi/confirm.py
index 6ad0ffae..607f1784 100644
--- a/Mailman/Cgi/confirm.py
+++ b/Mailman/Cgi/confirm.py
@@ -471,7 +471,7 @@ def unsubscription_prompt(mlist, doc, cookie, addr):
     if fullname is None:
         fullname = _('<em>Not available</em>')
     else:
-        fullname = Utils.uncanonstr(fullname, lang)
+        fullname = Utils.websafe(Utils.uncanonstr(fullname, lang))
     table.AddRow([_("""Your confirmation is required in order to complete the
     unsubscription request from the mailing list <em>%(listname)s</em>.  You
     are currently subscribed with
@@ -573,7 +573,7 @@ def addrchange_prompt(mlist, doc, cookie, oldaddr, newaddr, globally):
     if fullname is None:
         fullname = _('<em>Not available</em>')
     else:
-        fullname = Utils.uncanonstr(fullname, lang)
+        fullname = Utils.websafe(Utils.uncanonstr(fullname, lang))
     if globally:
         globallys = _('globally')
     else:
@@ -815,7 +815,7 @@ def reenable_prompt(mlist, doc, cookie, list, member):
     if username is None:
         username = _('<em>not available</em>')
     else:
-        username = Utils.uncanonstr(username, lang)
+        username = Utils.websafe(Utils.uncanonstr(username, lang))
 
     table.AddRow([_("""Your membership in the %(realname)s mailing list is
     currently disabled due to excessive bounces.  Your confirmation is
diff --git a/NEWS b/NEWS
index 04da6e85..00218e9a 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,10 @@ Here is a history of user visible changes to Mailman.
 
 2.1.15 (xx-xxx-xxxx)
 
+  Security
+
+    - An XSS vulnerability, CVE-2011-0707, has been fixed.
+
   New Features
 
     - A new mm_cfg.py setting RESPONSE_INCLUDE_LEVEL has been added to control