GNU Mailman

email.Utils.parsedate can return bogus date

Bug #558226 reported by tkikuchi on 2006-01-31

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	GNU Mailman	Fix Released	Undecided	Unassigned

Bug Description

While the CVE entry of CVE-2005-4153 (see
http://www.securityfocus.com/bid/16248/info) is not
vulnerable for mailman-2.1.7 and newer, we should fix
the date parsing bug in email package. In the meantime
of the package renewal, this patch may be used to
workaround the bug.

CVE References

2005-4153

Revision history for this message

tkikuchi (tkikuchi-users) wrote on 2006-02-02:

#1

Logged In: YES
user_id=67709

Here is my revised patch. It looks like time.strftime() has
stricter value check.

Revision history for this message

tkikuchi (tkikuchi-users) wrote on 2006-02-02:

#2

RE: email.Utils.parsedate can return bogus date Edit (4.2 KiB, text/x-diff)

The file parsedate-wa20060202.patch was added: parsedate workarounds revised

Revision history for this message

bwarsaw (bwarsaw) wrote on 2006-02-09:

#3

Logged In: YES
user_id=12800

With email 2.5.7 this will no longer be necessary.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

RE: email.Utils.parsedate can return bogus date Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.