rpms/mailman/devel mailman-2.1.5-date_overflows.patch, NONE, 1.1 mailman.spec, 1.49, 1.50
fedora-cvs-commits at redhat.com
Wed Dec 14 16:16:04 UTC 2005
Author: harald
Update of /cvs/dist/rpms/mailman/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv16452/devel
Modified Files:
mailman.spec
Added Files:
mailman-2.1.5-date_overflows.patch
Log Message:
fix for bug #173139 (CVE-2005-3573 Mailman Denial of Service)
mailman-2.1.5-date_overflows.patch:
Handlers/Scrubber.py | 4 ++--
Queue/ArchRunner.py | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
--- NEW FILE mailman-2.1.5-date_overflows.patch ---
--- mailman-2.1.5/Mailman/Queue/ArchRunner.py.date_overflows 2005-12-12 14:19:18.000000000 +0100
+++ mailman-2.1.5/Mailman/Queue/ArchRunner.py 2005-12-12 14:19:48.000000000 +0100
@@ -49,7 +49,7 @@
elif abs(now - mktime_tz(tup)) > \
mm_cfg.ARCHIVER_ALLOWABLE_SANE_DATE_SKEW:
clobber = 1
- except ValueError:
+ except (OverflowError, ValueError):
# The likely cause of this is that the year in the Date: field
# is horribly incorrect, e.g. (from SF bug # 571634):
# Date: Tue, 18 Jun 0102 05:12:09 +0500
--- mailman-2.1.5/Mailman/Handlers/Scrubber.py.date_overflows 2005-12-12 14:19:56.000000000 +0100
+++ mailman-2.1.5/Mailman/Handlers/Scrubber.py 2005-12-12 14:25:37.000000000 +0100
@@ -113,7 +113,7 @@
def safe_strftime(fmt, floatsecs):
try:
return time.strftime(fmt, floatsecs)
- except (TypeError, ValueError):
+ except (OverflowError, TypeError, ValueError):
return None
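Review bot: The except clause in safe_strftime has no comment saying which input raises OverflowError; one line noting that out-of-range date values do would document why it is in the tuple. The function now returns None for one more class of bad input, and no caller is visible in this hunk, so please confirm every caller copes with None.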
@@ -142,7 +142,7 @@
}.get(parts[3], 0)
day = int(parts[4])
year = int(parts[6])
- except (IndexError, ValueError):
+ except (OverflowError, IndexError, ValueError):
# Best we can do I think
month = day = year = 0
datedir = '%04d%02d%02d' % (year, month, day)
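Review bot: The except clause only covers failures while parsing, so a value that parses but is absurd (a five-digit year, day 99) still flows into the datedir format on the last line. If datedir ends up as a directory name, add a range check on year, month and day after the try block and fall back to 0 the way the except branch does.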
Index: mailman.spec
===================================================================
RCS file: /cvs/dist/rpms/mailman/devel/mailman.spec,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- mailman.spec 9 Dec 2005 22:41:53 -0000 1.49
+++ mailman.spec 14 Dec 2005 16:16:01 -0000 1.50
@@ -1,7 +1,7 @@
Summary: Mailing list manager with built in Web access.
Name: mailman
Version: 2.1.6
-Release: 2.1
+Release: 3
Epoch: 3
Group: Applications/Internet
#Source0: ftp://ftp.gnu.org/pub/gnu/mailman/mailman-%{version}.tgz
@@ -19,6 +19,9 @@
Patch5: mailman-FHS.patch
Patch6: mailman-python-compile.patch
Patch7: mailman-init.patch
+
+Patch10: mailman-2.1.5-date_overflows.patch
+
License: GPL
URL: http://www.list.org/
BuildRoot: %{_tmppath}/%{name}-root
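Review bot: The patch added as Patch10 is named for 2.1.5 and was diffed against mailman-2.1.5/ paths, while this spec has Version: 2.1.6; confirm it applies to the 2.1.6 tree without fuzz and consider dropping the version from the file name. The numbering also jumps from Patch7 to Patch10; if the gap is intentional, a comment line above Patch10 saying what the range is reserved for would help.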
@@ -91,6 +94,7 @@
%patch5 -p1 -b .FHS
%patch6 -p1 -b .python-compile
%patch7 -p1 -b .inithelp
+%patch10 -p1 -b .CVE-2005-3573
cp $RPM_SOURCE_DIR/mailman.INSTALL.REDHAT.in INSTALL.REDHAT.in
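Review bot: The backup suffix on the %patch10 line, .CVE-2005-3573, does not follow the other %patch lines, which use a suffix describing the patch (.FHS, .python-compile, .inithelp), and it differs from the .date_overflows suffix used when the patch was generated. Suggest -b .date_overflows so the suffix matches the patch file name.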
@@ -324,6 +328,9 @@
%attr(0644,root,%{mmgroup}) %config(noreplace) %{mmdir}/cron/crontab.in
%changelog
+* Wed Dec 14 2005 Harald Hoyer <harald at redhat.com> - 3:2.1.5-36.fc4.1
+- fix for bug #173139 (CVE-2005-3573 Mailman Denial of Service)
+
* Fri Dec 09 2005 Jesse Keating <jkeating at redhat.com>
- rebuilt
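Review bot: The new changelog entry gives the version as 3:2.1.5-36.fc4.1, which does not match this spec (Epoch 3, Version 2.1.6, Release 3 after this commit); it looks carried over from the FC4 branch. It should read 3:2.1.6-3.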