mail/mailman/patches/patch-ak


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

$NetBSD: patch-ak,v 1.1 2010/09/24 23:24:31 taca Exp $

* Fix for CVE-2010-3089 (XSS).

--- Mailman/Cgi/listinfo.py.orig	2009-02-23 21:23:35.000000000 +0000
+++ Mailman/Cgi/listinfo.py
@@ -93,7 +93,7 @@ def listinfo_overview(msg=''):
             else:
                 advertised.append((mlist.GetScriptURL('listinfo'),
                                    mlist.real_name,
-                                   mlist.description))
+                                   Utils.websafe(mlist.description)))
     if msg:
         greeting = FontAttr(msg, color="ff5060", size="+1")
     else: