rpms/mailman/devel mailman-2.1.5-date_overflows.patch, NONE, 1.1 mailman.spec, 1.49, 1.50

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Dec 14 16:16:04 UTC 2005


Author: harald

Update of /cvs/dist/rpms/mailman/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv16452/devel

Modified Files:
	mailman.spec 
Added Files:
	mailman-2.1.5-date_overflows.patch 
Log Message:
fix for bug #173139 (CVE-2005-3573 Mailman Denial of Service)

mailman-2.1.5-date_overflows.patch:
 Handlers/Scrubber.py |    4 ++--
 Queue/ArchRunner.py  |    2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

--- NEW FILE mailman-2.1.5-date_overflows.patch ---
--- mailman-2.1.5/Mailman/Queue/ArchRunner.py.date_overflows	2005-12-12 14:19:18.000000000 +0100
+++ mailman-2.1.5/Mailman/Queue/ArchRunner.py	2005-12-12 14:19:48.000000000 +0100
@@ -49,7 +49,7 @@
                 elif abs(now - mktime_tz(tup)) > \
                          mm_cfg.ARCHIVER_ALLOWABLE_SANE_DATE_SKEW:
                     clobber = 1
-            except ValueError:
+            except (OverflowError, ValueError):
                 # The likely cause of this is that the year in the Date: field
                 # is horribly incorrect, e.g. (from SF bug # 571634):
                 # Date: Tue, 18 Jun 0102 05:12:09 +0500
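Review bot: The comment under `except (OverflowError, ValueError):` still explains only the case it was written for, a year that is far too small (the 0102 example). Please extend it to say which kind of Date: value makes `mktime_tz(tup)` raise OverflowError, so a later reader can see why both exceptions are caught here.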
--- mailman-2.1.5/Mailman/Handlers/Scrubber.py.date_overflows	2005-12-12 14:19:56.000000000 +0100
+++ mailman-2.1.5/Mailman/Handlers/Scrubber.py	2005-12-12 14:25:37.000000000 +0100
@@ -113,7 +113,7 @@
 def safe_strftime(fmt, floatsecs):
     try:
         return time.strftime(fmt, floatsecs)
-    except (TypeError, ValueError):
+    except (OverflowError, TypeError, ValueError):
         return None
 
 
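Review bot: `safe_strftime` now also returns None on OverflowError, at `except (OverflowError, TypeError, ValueError):`, and it does so silently. The callers are not part of this hunk, so please confirm that each of them handles a None return, and add a one-line comment or docstring on the function stating that None means the date could not be formatted.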
@@ -142,7 +142,7 @@
                      }.get(parts[3], 0)
             day = int(parts[4])
             year = int(parts[6])
-        except (IndexError, ValueError):
+        except (OverflowError, IndexError, ValueError):
             # Best we can do I think
             month = day = year = 0
         datedir = '%04d%02d%02d' % (year, month, day)
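Review bot: There is no range check on `year` before `datedir = '%04d%02d%02d' % (year, month, day)`. Catching OverflowError only covers conversions that raise; a value that `int(parts[6])` accepts but that is absurd still flows into `datedir`, and `%04d` is a minimum width, so the result can be longer than eight digits. Suggest taking the same `month = day = year = 0` fallback when `year` or `day` is outside a sane range.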


Index: mailman.spec
===================================================================
RCS file: /cvs/dist/rpms/mailman/devel/mailman.spec,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- mailman.spec	9 Dec 2005 22:41:53 -0000	1.49
+++ mailman.spec	14 Dec 2005 16:16:01 -0000	1.50
@@ -1,7 +1,7 @@
 Summary: Mailing list manager with built in Web access.
 Name: mailman
 Version: 2.1.6
-Release: 2.1
+Release: 3
 Epoch: 3
 Group: Applications/Internet
 #Source0: ftp://ftp.gnu.org/pub/gnu/mailman/mailman-%{version}.tgz
@@ -19,6 +19,9 @@
 Patch5: mailman-FHS.patch
 Patch6: mailman-python-compile.patch
 Patch7: mailman-init.patch
+
+Patch10: mailman-2.1.5-date_overflows.patch
+
 License: GPL
 URL: http://www.list.org/
 BuildRoot: %{_tmppath}/%{name}-root
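Review bot: The name and number on `Patch10: mailman-2.1.5-date_overflows.patch` need a word of explanation: the file name carries 2.1.5 while this spec declares `Version: 2.1.6`, and the numbering jumps from Patch7 to Patch10 with no Patch8 or Patch9 in view. If the patch was checked against the 2.1.6 sources, a comment above the Patch10 line saying so would help; the blank lines around it can be dropped to match the Patch5 to Patch7 block.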
@@ -91,6 +94,7 @@
 %patch5 -p1 -b .FHS
 %patch6 -p1 -b .python-compile
 %patch7 -p1 -b .inithelp
+%patch10 -p1 -b .CVE-2005-3573
 
 cp $RPM_SOURCE_DIR/mailman.INSTALL.REDHAT.in INSTALL.REDHAT.in
 
@@ -324,6 +328,9 @@
 %attr(0644,root,%{mmgroup}) %config(noreplace) %{mmdir}/cron/crontab.in
 
 %changelog
+* Wed Dec 14 2005 Harald Hoyer <harald at redhat.com> - 3:2.1.5-36.fc4.1
+- fix for bug #173139 (CVE-2005-3573 Mailman Denial of Service)
+
 * Fri Dec 09 2005 Jesse Keating <jkeating at redhat.com>
 - rebuilt
 
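Review bot: The version in the new changelog entry, `3:2.1.5-36.fc4.1`, does not match the header values this same diff shows (`Version: 2.1.6`, `Release: 3`, `Epoch: 3`), which would read 3:2.1.6-3. The fc4 tag suggests the line was carried over from another branch; please correct it for devel.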



