The attached patch will fix this problem.

Regards,

Joey
--
Unix is user friendly ... It's just picky about its friends.
Please always Cc to me when replying to me on the lists.
diff -u mailman-2.0.11/Mailman/Cgi/private.py mailman-2.0.11/Mailman/Cgi/private.py --- mailman-2.0.11/Mailman/Cgi/private.py +++ mailman-2.0.11/Mailman/Cgi/private.py @@ -79,8 +79,11 @@ def true_path(path): "Ensure that the path is safe by removing .." - parts = [x for x in path.split(SLASH) if x not in ('.', '..')] - return SLASH.join(parts)[1:] + parts = [] + for x in string.split(path, SLASH): + if x not in ['.', '..']: + parts.append(x) + return string.join(parts, SLASH)[1:] def content_type(path): diff -u mailman-2.0.11/debian/changelog mailman-2.0.11/debian/changelog --- mailman-2.0.11/debian/changelog +++ mailman-2.0.11/debian/changelog @@ -1,7 +1,17 @@ +mailman (2.0.11-1woody11) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Rewrote patch to fix directory traversal (CAN-2005-0202) so it will + work with Python 1.5 as well since that's the lowest requirement for + mailman in Debian/stable and since Python 1.5.2 doesn't do list + comprehensions [Mailman/Cgi/private.py] + + -- Martin Schulze <[EMAIL PROTECTED]> Fri, 18 Feb 2005 12:57:31 +0100 + mailman (2.0.11-1woody10) stable-security; urgency=high * Non-maintainer upload by the Security Team
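Review bot: the replacement body of true_path calls string.split and string.join, but nothing in this hunk adds `import string` to Mailman/Cgi/private.py; please confirm the module already imports it at the top, otherwise true_path raises NameError on its first call. Apart from that, the loop is a faithful Python 1.5 equivalent of the removed list comprehension (same filtering of '.' and '..' components, same SLASH join, same `[1:]` strip of the leading character), so the behaviour of the CAN-2005-0202 fix is preserved; a quick test exercising a plain path and one containing '..' components on Python 1.5.2 would confirm that.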