mhonarc-commits

CVS: mhonarc/MHonArc CHANGES,1.155,1.156

2011-01-09 02:48:57
Update of mhonarc/MHonArc
Modified Files:
	CHANGES 
Log Message:
Bug #32080: Improvements to mhtxthtml.pl code to fix vulnerability
and to improve robustness and speed of filtering.  HTML data that
appears to be too malformed will be rejected.

Updated version number to 2.6.17 for release.
Updated freshmeat description for release.


======================================================================
FILE: mhonarc/MHonArc/CHANGES
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/*checkout*/mhonarc/MHonArc/CHANGES?rev=1.156>

<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/mhonarc/MHonArc/CHANGES.diff?r1=1.155&r2=1.156&diff_format=h>
--- CHANGES	3 Jan 2011 06:46:40 -0000	1.155
+++ CHANGES	9 Jan 2011 08:48:53 -0000	1.156
@@ -14,5 +14,5 @@
 YYYY/MM/DD
 ============================================================================
-YYYY/MM/DD      (2.6.17)
+2011/01/09      (2.6.17)
 
 * Security Fixes:
@@ -24,4 +24,5 @@
     32014   CVE-2010-1677: DoS when processing html messages with deep
             tag nesting
+    32080   Specially crafted <base href> can lead to XSS exploit
     ------  ------------------------------------------------------------
 
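Review bot: The new 32080 line names only the trigger ("Specially crafted <base href>") and not the component or the behaviour change, which is what an archive operator reads this table to find out. The log message says the fix is in mhtxthtml.pl and that "HTML data that appears to be too malformed will be rejected"; that rejection is a user-visible change for text/html messages and should be stated here or in a note under the table. The entry above it carries a CVE id while this one has none, so if an id has been assigned it belongs on this line as well.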
@@ -54,13 +55,12 @@
 
 * When KEEPONRMM is enabled, messages that are removed from
-  the archive do not cause linked messages to be updated.
-  This allows for pages that use $TSLICE$ to maintain thread
-  links for messages that "fall off" of the maintained list
-  of archived messages.
+  the archive do not cause linked messages to be updated.  This allows
+  for pages that use $TSLICE$ to maintain thread links for messages
+  that "fall off" of the maintained list of archived messages.
 
 * Added pre-extraction of From name and From address.  This
-  provides a performance improvement for archives that make use
-  of the $FROMADDR$ and $FROMADDRNAME$ resource variables along
-  with author sorting.
+  provides a performance improvement for archives that make use of
+  the $FROMADDR$ and $FROMADDRNAME$ resource variables along with
+  author sorting.
 
 * Added mapping of message index keys to time stamp.  This should
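Review bot: Both paragraphs in this hunk (the KEEPONRMM and From pre-extraction entries) are re-wrapped with no change in wording, so the release commit that records a security fix also carries purely cosmetic churn. Suggest moving the re-wrap to a separate commit so that the diff for 2.6.17 shows only the lines that actually changed, which makes the security-relevant entries easier to audit.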
@@ -78,4 +78,9 @@
   in effect.
 
+* Simplified regular expression for detecting addresses.
+  New expression performs significantly better than the previous
+  expression, but still matches the vast majority of addresses
+  used today.
+
 ============================================================================
 2006/06/09      (2.6.16)
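Review bot: The added entry says the new expression "still matches the vast majority of addresses used today" but does not say which address forms are no longer matched, so a reader cannot tell what will now pass through address detection unrecognised. Suggest listing the forms that were dropped, or at least naming the class of addresses affected. This change is also absent from the log message, which mentions only Bug #32080, the version number and the freshmeat description.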
