[Pkg-mailman-hackers] Bug#225942: mailman: Mailman dies when processing messages with non-ascii characters in headers

Fernando J. Rodríguez (Herr Groucho) groucho at lugmen.org.ar
Sun Mar 26 15:48:42 UTC 2006 

Package: mailman
Version: 2.1.5-8sarge1
Followup-For: Bug #225942

This report is to let you know that this problem reported against
Mailman 2.0.11 in Woody still occurs in Sarge's version.
In our case, it got triggered by a spammer sending a subject line like
this:

Date: Sat, 25 Mar 2006 21:35:03 GMT
Subject: Help Your Romance Wíth Víagra    __ %junk

with those non-ascii "i acute" characters encoded plainly in ISO-8859-1.
The log goes:
Mar 25 05:34:38 2006 (16439) Uncaught runner exception: 'ascii' codec
can't decode byte 0xed in position 19: ordinal not in range(128)
Mar 25 05:34:38 2006 (16439) Traceback (most recent call last):
  File "/var/lib/mailman/Mailman/Queue/Runner.py", line 111, in
    _oneloop self._onefile(msg, msgdata)
  File "/var/lib/mailman/Mailman/Queue/Runner.py", line 167, in
    _onefile keepqueued = self._dispose(mlist, msg, msgdata)
  File "/var/lib/mailman/Mailman/Queue/CommandRunner.py", line 223,
    in _dispose res = Results(mlist, msg, msgdata)
  File "/var/lib/mailman/Mailman/Queue/CommandRunner.py", line 77,
    in __init__ subj = make_header(decode_header(subj)).__unicode__()
  File "/usr/lib/python2.3/email/Header.py", line 144, in
    make_header h.append(s, charset)
  File "/usr/lib/python2.3/email/Header.py", line 272, in
    append ustr = unicode(s, incodec, errors)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xed in position
19: ordinal not in range(128)
Mar 25 05:34:42 2006 (16439) SHUNTING:
1143275673.071486+6df576549af22f5db72ede3bb70e1da2aed8f58d

Security Tracker has this advisory stating that this problem is fixed in
Mailman 2.1.6:
http://securitytracker.com/alerts/2006/Mar/1015735.html

I haven't yet tried Mailman 2.1.7 from unstable/Etch, to see if that solves
the problem, because the dependancies it has would make me upgrade libc6
an then mostly the whole system. A backport would be greatly
appreciated.


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: LANG=spanish, LC_CTYPE=spanish (charmap=ISO-8859-1) (ignored: LC_ALL set to es_ES)

Versions of packages mailman depends on:
ii  apache2-mpm-prefork [httpd] 2.0.54-5     traditional model for Apache2
ii  cron                        3.0pl1-86    management of regular background p
ii  debconf                     1.4.30.13    Debian configuration management sy
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  logrotate                   3.7-5        Log rotation utility
ii  pwgen                       2.03-1       Automatic Password generation
ii  python                      2.3.5-2      An interactive high-level object-o
ii  qmail [mail-transport-agent 1.03-29      Secure, reliable, efficient, simpl
ii  ucf                         1.17         Update Configuration File: preserv

-- debconf information:
* mailman/queue_files_present:
* mailman/default_server_language: es
  mailman/gate_news: true
* mailman/site_languages: en, es, pt, pt_BR
* mailman/used_languages: en es pt pt_BR
* mailman/create_site_list:

More information about the Pkg-mailman-hackers mailing list