author: Xin LI <delphij@FreeBSD.org> 2015-06-17 00:44:48 +0000
committer: Xin LI <delphij@FreeBSD.org> 2015-06-17 00:44:48 +0000
commit: c154a06492c37c3dc4237ee07ec78923fcd02384 (patch)
tree: 8cee6c25dea3bc7ed2f8c7d847014b4bc1ad17ee /japanese/mailman
parent: 0d8dfa7ce45d427c95c0ad8120b881f766abf08e (diff)
2 files changed, 16 insertions, 1 deletions
diff --git a/japanese/mailman/Makefile b/japanese/mailman/Makefile
index 06d2feee51b7..b5809175eeb4 100644
--- a/japanese/mailman/Makefile
+++ b/japanese/mailman/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	mailman
 PORTVERSION=	2.1.14.j7
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	1
 CATEGORIES=	japanese mail
 MASTER_SITES=	http://www.python.jp/doc/contrib/mailman/_static/ \
diff --git a/japanese/mailman/files/patch-CVE-2015-2775 b/japanese/mailman/files/patch-CVE-2015-2775
new file mode 100644
index 000000000000..e570e6fa9fc8
--- /dev/null
+++ b/japanese/mailman/files/patch-CVE-2015-2775
@@ -0,0 +1,15 @@
+--- Mailman/Utils.py.orig	2011-12-11 16:56:23.000000000 +0900
++++ Mailman/Utils.py	2015-06-01 13:25:26.000000000 +0900
+@@ -93,6 +93,12 @@
+     #
+     # The former two are for 2.1alpha3 and beyond, while the latter two are
+     # for all earlier versions.
++    #
++    # But first ensure the list name doesn't contain a path traversal
++    # attack.
++    if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', listname)) > 0:
++        syslog('mischief', 'Hostile listname: %s', listname)
++        return False
+     basepath = Site.get_listpath(listname)
+     for ext in ('.pck', '.pck.last', '.db', '.db.last'):
+         dbfile = os.path.join(basepath, 'config' + ext)
author	Xin LI <delphij@FreeBSD.org>	2015-06-17 00:44:48 +0000
committer	Xin LI <delphij@FreeBSD.org>	2015-06-17 00:44:48 +0000
commit	c154a06492c37c3dc4237ee07ec78923fcd02384 (patch)
tree	8cee6c25dea3bc7ed2f8c7d847014b4bc1ad17ee /japanese/mailman
parent	0d8dfa7ce45d427c95c0ad8120b881f766abf08e (diff)