ALT Linux Bugzilla
– Attachment 1274 Details for
Bug 8591
CVE-2005-3573 (DoS): not properly handle UTF8 character encodings in filenames of e-mail attachments
New bug
|
Search
|
[?]
|
Help
Register
|
Log In
[x]
|
Forgot Password
Login:
[x]
|
EN
|
RU
[patch]
Патч_1
mailman-2.1.6-CVE-2005-3573.patch (text/plain), 1.60 KB, created by
Vladimir Lettiev
on 2005-12-05 14:25:05 MSK
(
hide
)
Description:
Патч_1
Filename:
MIME Type:
Creator:
Vladimir Lettiev
Created:
2005-12-05 14:25:05 MSK
Size:
1.60 KB
patch
obsolete
>--- mailman-2.1.6/Mailman/Handlers/Scrubber.py.cve-2005-3573 2005-11-28 14:39:37.929436602 -0700 >+++ mailman-2.1.6/Mailman/Handlers/Scrubber.py 2005-11-28 14:48:07.565275679 -0700 >@@ -300,7 +300,10 @@ > finally: > os.umask(omask) > desc = part.get('content-description', _('not available')) >- filename = part.get_filename(_('not available')) >+ try: >+ filename = part.get_filename(_('not available')) >+ except UnicodeDecodeError: >+ filename = _('not available') > filename = Utils.oneline(filename, lcset) > del part['content-type'] > del part['content-transfer-encoding'] >@@ -409,7 +412,10 @@ > # i18n file name is encoded > lcset = Utils.GetCharSet(mlist.preferred_language) > filename = Utils.oneline(msg.get_filename(''), lcset) >- fnext = os.path.splitext(filename)[1] >+ try: >+ fnext = os.path.splitext(filename)[1] >+ except UnicodeDecodeError: >+ fnext = '' > # For safety, we should confirm this is valid ext for content-type > # but we can use fnext if we introduce fnext filtering > if mm_cfg.SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION: >@@ -434,7 +440,10 @@ > try: > # Now base the filename on what's in the attachment, uniquifying it if > # necessary. >- filename = msg.get_filename() >+ try: >+ filename = msg.get_filename() >+ except UnicodeDecodeError: >+ filename = None > if not filename or mm_cfg.SCRUBBER_DONT_USE_ATTACHMENT_FILENAME: > filebase = 'attachment' > else:
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 8591
: 1274 |
1275