author msapiro <> 2005-12-12 01:06:02 +0000
committer msapiro <> 2005-12-12 01:06:02 +0000
commit 5fa7ac242892ad3ddf4762a7e1b544022d8e61c8
tree e000ab42d75254fc6e12b6809e9efdac41d9d32b /NEWS
parent ef20cb24868f054be1965965a404a053f3b00cf9
Fixes for bug 1080943.
Add error response for ./ and ../ in URL
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 5
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index b541bc63..1e988d7f 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,9 @@ Here is a history of user visible changes to Mailman.
Security
+ - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
+ message instead of just quietly dropping ./ and ../ from URLs.
+
- A note on CVE-2005-3573: Although the RFC2231 bug example in the
CVE has been solved in mailman-2.1.6, there may be more cases
where ToDigest.send_digests() can block regular delivery.
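Review bot: The new Security entry says "an appropriate message" without telling the admin what a client now sees; the commit message calls it an error response, so the entry should say that a request containing ./ or ../ in the URL is now rejected with an error instead of being silently rewritten. It would also help to name the affected area (the entry gives no script or CGI name), since operators reading NEWS after an upgrade will want to know which requests start returning errors and what to look for in their logs. Minor style point: this entry uses the "CAN-" prefix while the entry directly below it uses "CVE-2005-3573"; pick one form for the section.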
@@ -42,6 +45,8 @@ Here is a history of user visible changes to Mailman.
Bug fixes and other patches
+ - Fix private.py to go to the original URL after authorization (1080943).
+
- Fix bounce log score messages to be more consistent.
- Fix bin/remove_members to accept no arguments when both --fromall and
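Review bot: The private.py entry is filed only under "Bug fixes and other patches", but returning the user to "the original URL after authorization" means the post-login destination is taken from the request, which is the same input the Security entry in this commit now validates for ./ and ../. This diff is limited to NEWS, so the private.py change itself is not visible here; please confirm in the entry, or in the commit message, that the original URL goes through that same check before it is used after authorization. Also consider writing the reference as "(bug 1080943)" so the bare number is recognisable as a tracker id.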