From 84e068463de3bde3c6f352a337fb1302a3172d2b Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Mon, 25 Oct 2021 14:53:54 +0800
Subject: [PATCH] fix CVE-2020-15011

(cherry picked from commit 743d820ab532a7b5a2c006bc31a52986139210ff)
---
 CVE-2020-15011.patch | 26 ++++++++++++++++++++++++++
 mailman.spec | 6 +++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-15011.patch

diff --git a/CVE-2020-15011.patch b/CVE-2020-15011.patch
new file mode 100644
index 0000000..d35ff9f
--- /dev/null
+++ b/CVE-2020-15011.patch
@@ -0,0 +1,26 @@
+Description: Arbitrary content injection via Cgi/private.py archive login page
+Origin: https://bugs.launchpad.net/mailman/+bug/1877379
+Author: Mark Sapiro
+
+=== modified file 'Mailman/Cgi/private.py'
+Index: mailman-2.1.26/Mailman/Cgi/private.py
+===================================================================
+--- mailman-2.1.26.orig/Mailman/Cgi/private.py
++++ mailman-2.1.26/Mailman/Cgi/private.py
+@@ -155,13 +155,9 @@ def main():
+ if mlist.isMember(username):
+ mlist.MailUserPassword(username)
+ elif username:
+- # Not a member
+- if mlist.private_roster == 0:
+- # Public rosters
+- safeuser = Utils.websafe(username)
+- message = Bold(FontSize('+1',
+- _('No such member: %(safeuser)s.'))).Format()
+- else:
++ # Not a member. Don't report address in any case. It leads to
++ # Content injection. Just log if roster is not public.
++ if mlist.private_roster != 0:
+ syslog('mischief',
+ 'Reminder attempt of non-member w/ private rosters: %s',
+ username)
diff --git a/mailman.spec b/mailman.spec
index ab9200b..512b40e 100644
--- a/mailman.spec
+++ b/mailman.spec
@@ -3,7 +3,7 @@
 
 Name: mailman
 Version: 2.1.29
-Release: 6
+Release: 7
 Epoch: 3
 Summary: GNU Mailing List Manager
 License: GPLv2+
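Review bot: The embedded hunk was generated against a different release than the one being built: its headers read `Index: mailman-2.1.26/Mailman/Cgi/private.py` and `@@ -155,13 +155,9 @@`, while the spec sets `Version: 2.1.29`, so the fix only lands if the 2.1.29 context around `elif username:` still matches. I would refresh the patch against the packaged tree so the header reads `Index: mailman-2.1.29/Mailman/Cgi/private.py`, and confirm in the build log that the hunk applied without fuzz or rejects. After the change, a reminder request for a non-member on a public-roster list is neither echoed nor logged. Whether the login page still shows a neutral message in that case depends on the rest of `main()`, which starts and ends outside the hunk.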
@@ -29,6 +29,7 @@ Patch21: mailman-2.1.13-env-python.patch
 Patch22: mailman-2.1.15-check_perms.patch
 Patch23: CVE-2020-12108.patch
 Patch24: CVE-2020-12137.patch
+Patch25: CVE-2020-15011.patch
 
 BuildRequires: automake gcc python2-devel systemd python2-dns
 Requires(pre): shadow-utils
@@ -423,6 +424,9 @@ exit 0
 %dir %attr(775,root,%{name}) /var/lock/%{name}
 
 %changelog
+* Mon Oct 25 2021 yaoxin - 2.1.29-7
+- Fix CVE-2020-15011
+
 * Tue Oct 19 2021 liwu - 2.1.29-6
 - Fix CVE-2020-12108 CVE-2020-12137
 
-- 
Gitee
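Review bot: `Patch25: CVE-2020-15011.patch` only declares the patch, and the diffstat (`mailman.spec | 6 +++++-`) is fully accounted for by the Release bump, this line and the changelog entry, so nothing is added to %prep. %prep lies outside these hunks; if it applies patches one by one rather than through `%autosetup` or `%autopatch`, it also needs a line such as `%patch25 -p1`, otherwise 2.1.29-7 ships with a changelog claiming the CVE fix while private.py is unpatched. The strip level is an assumption based on the `mailman-2.1.26/` prefix in the patch header and should follow whatever the neighbouring patches use.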