Debian Bug report logs -
#327732
Messages with invalid filenames don't get archived
Reported by: Aliet Santiesteban Sifontes <aliet@tesla.cujae.edu.cu>
Date: Sun, 11 Sep 2005 19:03:01 UTC
Severity: normal
Found in version mailman/2.1.5-8
Fixed in version mailman/2.1.5-10
Done: Lionel Elie Mamane <lmamane@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Tollef Fog Heen <tfheen@debian.org>
:
Bug#327732
; Package mailman
.
(full text, mbox, link).
Acknowledgement sent to Aliet Santiesteban Sifontes <aliet@tesla.cujae.edu.cu>
:
New Bug report received and forwarded. Copy sent to Tollef Fog Heen <tfheen@debian.org>
.
Your message specified a Severity: in the pseudo-header, but
the severity value |grave| was not recognised.
The default severity normal is being used instead.
The recognised values are: critical, grave, serious, important, normal, minor, wishlist, fixed.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: mailman
Version: 2.1.5-8
Severity: |grave|
Site running several lists, it seems that a specially formed message can Dos a list
due to impropper handling of a exception, the lists sops working, here the mailman error, all messages then
goes to shunt:
Sep 11 13:34:35 2005 (12535) Uncaught runner exception: 'utf8' codec can't decode bytes in position 1-4: invalid data
Sep 11 13:34:35 2005 (12535) Traceback (most recent call last):
File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 111, in _oneloop
self._onefile(msg, msgdata)
File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 167, in _onefile
keepqueued = self._dispose(mlist, msg, msgdata)
File "/usr/lib/mailman/Mailman/Queue/IncomingRunner.py", line 130, in _dispose
more = self._dopipeline(mlist, msg, msgdata, pipeline)
File "/usr/lib/mailman/Mailman/Queue/IncomingRunner.py", line 153, in _dopipeline
sys.modules[modname].process(mlist, msg, msgdata)
File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 91, in process
send_digests(mlist, mboxfp)
File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 132, in send_digests
send_i18n_digests(mlist, mboxfp)
File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 306, in send_i18n_digests
msg = scrubber(mlist, msg)
File "/var/lib/mailman/Mailman/Handlers/Scrubber.py", line 265, in process
url = save_attachment(mlist, part, dir)
File "/var/lib/mailman/Mailman/Handlers/Scrubber.py", line 361, in save_attachment
fnext = os.path.splitext(msg.get_filename(''))[1]
File "/usr/lib/python2.3/email/Message.py", line 731, in get_filename
return unicode(newvalue[2], newvalue[0] or 'us-ascii')
UnicodeDecodeError: 'utf8' codec can't decode bytes in position 1-4: invalid data
Sep 11 13:34:35 2005 (12535) SHUNTING: 1126458561.9029009+2ca02ecc54d36f4e0a88a7ab17fc28736bd23635
Any ideas?
Information forwarded to debian-bugs-dist@lists.debian.org, Tollef Fog Heen <tfheen@debian.org>
:
Bug#327732
; Package mailman
.
(full text, mbox, link).
Acknowledgement sent to Aliet Santiesteban Sifontes <aliet@tesla.cujae.edu.cu>
:
Extra info received and forwarded to list. Copy sent to Tollef Fog Heen <tfheen@debian.org>
.
(full text, mbox, link).
Message #10 received at 327732@bugs.debian.org (full text, mbox, reply):
Found the problematic amil, this can make a Dos to any list:
...more email data
--TB36FDmn/VVEgNH/
Content-Type: application/msword
Content-Disposition: attachment;
filename*=utf-8''C%F3mo%20montar%20un%20servidor%20Samba%20PDC%20en%20una%20red%20de%20m%E1quinas%20MS%20Windows%20XP%
Content-Transfer-Encoding: base64
...more email data
Severity set to `grave'.
Request was from Maykel Moya <moya@infomed.sld.cu>
to control@bugs.debian.org
.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Tollef Fog Heen <tfheen@debian.org>
:
Bug#327732
; Package mailman
.
(full text, mbox, link).
Acknowledgement sent to Joost van Baal <joostvb-debian-bugs-20051024-9@mdcc.cx>
:
Extra info received and forwarded to list. Copy sent to Tollef Fog Heen <tfheen@debian.org>
.
(full text, mbox, link).
Message #17 received at 327732@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
FWIW: A patch which might fix this problem is available from
http://mail.python.org/pipermail/mailman-users/2005-September/046523.html
.
This bug likely is _not_ fixed in mailman 2.1.6.
Bye,
Joost
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Tollef Fog Heen <tfheen@debian.org>
:
Bug#327732
; Package mailman
.
(full text, mbox, link).
Acknowledgement sent to Lionel Elie Mamane <lionel@mamane.lu>
:
Extra info received and forwarded to list. Copy sent to Tollef Fog Heen <tfheen@debian.org>
.
(full text, mbox, link).
Message #22 received at 327732@bugs.debian.org (full text, mbox, reply):
tags 327732 +pending security
tags 326024 +pending
tags 310451 +pending
thanks
A patch hopefully fixing this bug has been committed to the SVN
repository of the package. If it survives some yet-to-be-made testing,
it will be part of the next upload.
Yours truly,
--
Lionel Mamane
Tags added: pending, security
Request was from Lionel Elie Mamane <lionel@mamane.lu>
to control@bugs.debian.org
.
(full text, mbox, link).
Tags removed: security
Request was from Lionel Elie Mamane <lionel@mamane.lu>
to control@bugs.debian.org
.
(full text, mbox, link).
Changed Bug title.
Request was from Lionel Elie Mamane <lionel@mamane.lu>
to control@bugs.debian.org
.
(full text, mbox, link).
Severity set to `normal'.
Request was from Lionel Elie Mamane <lionel@mamane.lu>
to control@bugs.debian.org
.
(full text, mbox, link).
Reply sent to Lionel Elie Mamane <lmamane@debian.org>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Aliet Santiesteban Sifontes <aliet@tesla.cujae.edu.cu>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #37 received at 327732-close@bugs.debian.org (full text, mbox, reply):
Source: mailman
Source-Version: 2.1.5-10
We believe that the bug you reported is fixed in the latest version of
mailman, which is due to be installed in the Debian FTP archive:
mailman_2.1.5-10.diff.gz
to pool/main/m/mailman/mailman_2.1.5-10.diff.gz
mailman_2.1.5-10.dsc
to pool/main/m/mailman/mailman_2.1.5-10.dsc
mailman_2.1.5-10_sparc.deb
to pool/main/m/mailman/mailman_2.1.5-10_sparc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 327732@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lionel Elie Mamane <lmamane@debian.org> (supplier of updated mailman package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.7
Date: Sat, 26 Nov 2005 10:03:23 +0100
Source: mailman
Binary: mailman
Architecture: source sparc
Version: 2.1.5-10
Distribution: unstable
Urgency: low
Maintainer: Mailman for Debian <pkg-mailman-hackers@lists.alioth.debian.org>
Changed-By: Lionel Elie Mamane <lmamane@debian.org>
Description:
mailman - Powerful, web-based mailing list manager
Closes: 244700 298842 310451 312673 313800 315358 326024 327732 332018 339582 339890 340036
Changes:
mailman (2.1.5-10) unstable; urgency=low
.
* Merge with 2.1.5-8ubuntu2:
Python 2.4 compatibility patch in bounce handling.
* Don't fall apart if the filename of an attachment is an invalid UTF-8
string (closes: #327732)
* Don't die on overflow in date handling (closes: #326024)
* Enable error handling in HyperArch (closes: #310451)
* Ensure list-id is always in brackets in headers (closes: #244700)
* Admin page: don't assume subscribed emails are pure ASCII
(closes: #315358)
* Bump up Standards-Version to 3.6.2
* Add vietnamese translation (closes: #312673)
* Apply corrections to german translation (closes: #313800)
* Adapt to the md5sum in dpkg or coreutils automatically (closes: #340036)
* More robust parsing of /var/lib/ucf/hashfile:
- Don't touch files of other packages that happen to have
our file's full path as subpath.
- Accept any number of spaces between the hash and the filename there.
* Work around ucf bug #238730 for postfix-to-mailman.py, too.
* Fix traceback on Danish version of options page (closes: #339582)
* Fix the private authentication form to point to the right file
(closes: #298842)
* Add Swedish debconf template translation (closes: #339890)
* Depend on any debconf-2.0 implementation instead of debconf
specifically (closes: #332018)
* Copyright file:
- New FSF address
- List the other maintainers
* Depend on adduser, used in preinst
* Move away from deprecated user.group syntax in chown
* Ensure package is built with autoconf 2.5x, not autoconf 2.13
Files:
5b95f8fb72914b06671e9f6456a4c98f 740 mail optional mailman_2.1.5-10.dsc
bd18d18647a42bf574838919762a7324 200228 mail optional mailman_2.1.5-10.diff.gz
8593eb6dd20d33bb913d332d46861d3b 6620074 mail optional mailman_2.1.5-10_sparc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iEYEAREDAAYFAkOIKvQACgkQscRzFz57S3O5qACeM6eQIR43ywNLUdfEfjW6Vigt
qmUAn33W4Yg9cATH7ZSjjHnXObSGdNfk
=oT8O
-----END PGP SIGNATURE-----
Information forwarded to debian-bugs-dist@lists.debian.org, Mailman for Debian <pkg-mailman-hackers@lists.alioth.debian.org>
:
Bug#327732
; Package mailman
.
(full text, mbox, link).
Acknowledgement sent to Martin Schulze <joey@infodrom.org>
:
Extra info received and forwarded to list. Copy sent to Mailman for Debian <pkg-mailman-hackers@lists.alioth.debian.org>
.
(full text, mbox, link).
Message #42 received at 327732@bugs.debian.org (full text, mbox, reply):
This issue is assigned CVE-2005-3573.
Regards,
Joey
--
If you come from outside of Finland, you live in wrong country.
-- motd of irc.funet.fi
Please always Cc to me when replying to me on the lists.
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Mon, 25 Jun 2007 03:17:05 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:07:24 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.