Traceback in private.py after security patch

Bug #266190 reported by Rgoun

Affects: GNU Mailman
Status: Invalid
Importance: Medium
Assigned to: Unassigned
Milestone:

Bug Description

I applied the patch at http://www.list.org/CAN-2005-0202.txt to a Mailman 2.1.4 installation and restarted the Web server. The first time I tried to access the archives for a private list using an email address that's *not* subscribed to the list, I got the traceback below.

I backed out the patch and restarted the Web server. I now get the correct "Authorization failed." message.

Note that for the sake of paranoia I've obfuscated my email address, changed the names of private lists, and flipped a few bits in the cookie data and remote address below.

-- Roger

---------------

Bug in Mailman version 2.1.4

We're sorry, we hit a bug!

If you would like to help us identify the problem, please email a copy of this page to the webmaster for this site with a description of what happened. Thanks!

Traceback:

Traceback (most recent call last):
  File "/usr/local/mailman/scripts/driver", line 87, in run_main
    main()
  File "/usr/local/mailman/Mailman/Cgi/private.py", line 124, in main
    password, username):
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 220, in WebAuthenticate
    ok = self.CheckCookie(ac, user)
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 300, in CheckCookie
    ok = self.__checkone(c, authcontext, user)
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 310, in __checkone
    key, secret = self.AuthContextInfo(authcontext, user)
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 105, in AuthContextInfo
    secret = self.getMemberPassword(user)
  File "/usr/local/mailman/Mailman/OldStyleMemberships.py", line 102, in getMemberPassword
    raise Errors.NotAMemberError, member
NotAMemberError: <email address hidden>

Python information:

Variable        Value
sys.version     2.2.2 (#1, Jan 30 2003, 21:26:22) [GCC 2.96 20000731 (Red Hat Linux 7.3 2.96-112)]
sys.executable  /usr/bin/python2.2
sys.prefix      /usr
sys.exec_prefix /usr
sys.path        /usr
sys.platform    linux2

Environment variables:

Variable               Value
PATH_INFO              /dfnh-foo/
HTTP_ACCEPT            text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
CONTENT_TYPE           application/x-www-form-urlencoded
HTTP_REFERER           http://mail.democracyfornewhampshire.com/mailman/private/dfnh-foo/
SERVER_SOFTWARE        Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_python/2.7.8 Python/1.5.2 mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2
PYTHONPATH             /usr/local/mailman
SCRIPT_FILENAME        /usr/local/mailman/cgi-bin/private
SERVER_ADMIN           <email address hidden>
SCRIPT_NAME            /mailman/private
SERVER_SIGNATURE       Apache/1.3.27 Server at democracyfornewhampshire.com Port 80
REQUEST_METHOD         POST
HTTP_HOST              mail.democracyfornewhampshire.com
HTTP_KEEP_ALIVE        300
SERVER_PROTOCOL        HTTP/1.1
QUERY_STRING
REQUEST_URI            /mailman/private/dfnh-foo/
CONTENT_LENGTH         63
HTTP_ACCEPT_CHARSET    ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_USER_AGENT        Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0
HTTP_CONNECTION        keep-alive
HTTP_COOKIE            dfnh-board+user+roger-no--at--spam-bcah.com=280200000069caae0b42732800000063346130393963653330656239633862643737356337626437396561663334363862343563643536; dfnh-members+admin=280200000069dcee0b42732800000033353539613836343166396565376030323966663963313435646564633734303837666366666230
SERVER_NAME            democracyfornewhampshire.com
REMOTE_ADDR            24.35.177.35
REMOTE_PORT            38224
HTTP_ACCEPT_LANGUAGE   en-us,en;q=0.5
PATH_TRANSLATED        /home/roger/democracyfornewhampshire.com/html/dfnh-foo/
SERVER_PORT            80
GATEWAY_INTERFACE      CGI/1.1
HTTP_ACCEPT_ENCODING   gzip,deflate
SERVER_ADDR            199.125.75.14
DOCUMENT_ROOT          /home/roger/democracyfornewhampshire.com/html

[http://sourceforge.net/tracker/index.php?func=detail&aid=1120477&group_id=103&atid=100103]

Tags: web-cgi
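The traceback in the report shows the cookie-verification chain (WebAuthenticate, CheckCookie, __checkone, AuthContextInfo, getMemberPassword) letting NotAMemberError escape as a server error when the cookie check looks up a secret for an address that is not a member of the list being accessed, instead of treating that as a failed authentication. The following is an added example and not Mailman's own code: a hypothetical, simplified model of that call chain written in Python 3 (the report itself runs Python 2.2), with constructed list and member data. The method names are borrowed from the traceback for readability; the HMAC-based cookie format and the PrivateList class are assumptions of the example. It shows the unhandled variant beside a version that maps a non-member lookup to a plain authentication failure.

```python
"""Added example (not Mailman's code): a hypothetical, simplified model of the
cookie-verification chain named in the traceback above, in Python 3."""
import hashlib
import hmac
import time


class NotAMemberError(Exception):
    """Raised when a password lookup is attempted for a non-member
    (mirrors the exception name in the traceback)."""


class PrivateList:
    """A mailing list with a constructed member -> password table."""

    def __init__(self, name, members):
        self.name = name
        self.members = dict(members)   # constructed sample data

    def getMemberPassword(self, user):
        try:
            return self.members[user]
        except KeyError:
            raise NotAMemberError(user) from None

    def AuthContextInfo(self, user):
        # Cookie name follows the shape seen in HTTP_COOKIE above
        # ("<list>+user+<address with @ encoded>"); the secret is the member's
        # password, so for a non-member there is no secret and the lookup raises.
        key = "%s+user+%s" % (self.name, user.replace("@", "--at--"))
        secret = self.getMemberPassword(user)
        return key, secret

    @staticmethod
    def _mac(secret, issued):
        # Assumed cookie value format: "<issued>:<hmac-sha1(secret, issued)>".
        return hmac.new(secret.encode(), str(issued).encode(), hashlib.sha1).hexdigest()

    def MakeCookie(self, user):
        """Issue a cookie for a member; returns (cookie_name, cookie_value)."""
        key, secret = self.AuthContextInfo(user)
        issued = int(time.time())
        return key, "%d:%s" % (issued, self._mac(secret, issued))

    def CheckCookie_unhandled(self, cookies, user):
        """Naive check: NotAMemberError from AuthContextInfo escapes to the
        caller, which is what produced the 'we hit a bug' page above."""
        key, secret = self.AuthContextInfo(user)
        value = cookies.get(key)
        if value is None:
            return False
        issued, _, mac = value.partition(":")
        return hmac.compare_digest(mac, self._mac(secret, issued))

    def CheckCookie(self, cookies, user):
        """Hardened check: a cookie presented for someone who is not a member
        of this list is simply not valid for this list."""
        try:
            return self.CheckCookie_unhandled(cookies, user)
        except NotAMemberError:
            return False


if __name__ == "__main__":
    foo = PrivateList("dfnh-foo", {"alice@example.com": "s3cret"})
    board = PrivateList("dfnh-board", {"bob@example.com": "hunter2"})
    # bob holds a valid cookie for dfnh-board but requests dfnh-foo's archive.
    stale = dict([board.MakeCookie("bob@example.com")])
    print(foo.CheckCookie(stale, "bob@example.com"))   # False, no traceback
    try:
        foo.CheckCookie_unhandled(stale, "bob@example.com")
    except NotAMemberError as e:
        print("unhandled path raised NotAMemberError:", e)
```

The design point is that membership lookup failures during cookie verification are an expected input condition (a browser can present any cookie it holds), so they belong with the other "not authenticated" outcomes rather than on the exception path that produces a server error page.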

Tokio Kikuchi (tkikuchi) wrote:

The security patch should have nothing to do with the traceback. Will you please try again after deleting cookies of this site? (Not disable, but delete existing cookies.)

Rgoun (rgoun) wrote:

I deleted cookies and tried again. This time I got the "Authorization failed." message.

Sorry for the false alarm.
