mailman/mailman-CVE-2020-12137.patch

15 lines
446 B
Diff

=== modified file 'Mailman/Handlers/Scrubber.py'
--- Mailman/Handlers/Scrubber.py 2018-06-17 23:47:34 +0000
+++ Mailman/Handlers/Scrubber.py 2018-11-10 18:57:54 +0000
@@ -87,6 +87,9 @@
all = guess_all_extensions(ctype, strict=False)
if ext in all:
return ext
+ if ctype.lower == 'application/octet-stream':
+ # For this type, all[0] is '.obj'. '.bin' is better.
+ return '.bin'
return all and all[0]