SUSE:SLE-12:Update
File CVE-2020-15011_inject_private_login.patch of Package mailman.24378
=== modified file 'Mailman/Cgi/private.py' --- a/Mailman/Cgi/private.py +++ b/Mailman/Cgi/private.py @@ -146,13 +146,9 @@ def main(): if mlist.isMember(username): mlist.MailUserPassword(username) elif username: - # Not a member - if mlist.private_roster == 0: - # Public rosters - safeuser = Utils.websafe(username) - message = Bold(FontSize('+1', - _('No such member: %(safeuser)s.'))).Format() - else: + # Not a member. Don't report address in any case. It leads to + # Content injection. Just log if roster is not public. + if mlist.private_roster != 0: syslog('mischief', 'Reminder attempt of non-member w/ private rosters: %s', username)
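Review bot: the `syslog('mischief', ...)` call kept at the end of the hunk still writes the request-supplied `username` to the log verbatim, so the value this patch stops echoing to the page can still carry line breaks or control characters into the mischief log. Consider stripping or escaping non-printable characters before logging, or note in the comment that the syslog wrapper already does so. Separately, the removed public-roster branch was the only place in this hunk that assigned `message` for a non-member; please confirm `message` is initialised before this `elif` so the public-roster path renders the same response as before minus the address. Minor: "Content injection" in the new comment should be lower-case mid-sentence.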