Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 644147 - Patch for get_filename in email.message when content-disposition is missing
Patch for get_filename in email.message when content-disposition is missing
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: python (Show other bugs)
5.5
All Linux
urgent Severity high
: rc
: ---
Assigned To: Dave Malcolm
Petr Šplíchal
: ZStream
Depends On:
Blocks: 649250
  Show dependency treegraph
 
Reported: 2010-10-18 22:24 EDT by Masahiro Matsuya
Modified: 2018-10-27 07:47 EDT (History)
5 users (show)

See Also:
Fixed In Version: python-2.4.3-36.el5
Doc Type: Bug Fix
Doc Text:
The email module incorrectly implemented the logic for obtaining attachment filenames: the get_filename() fallback for using the deprecated "name" parameter of the "Content-Type" header erroneously used the "Content-Disposition" header. This update backports a fix from Python 2.6, which resolves this issue.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-01-13 18:10:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0027 normal SHIPPED_LIVE Low: python security, bug fix, and enhancement update 2011-01-13 05:58:29 EST

  None (edit)
Description Masahiro Matsuya 2010-10-18 22:24:21 EDT 
Description of problem:

This is a request to backport the following bugfix.

   http://bugs.python.org/issue7082

Case Summary:
============

Upstream bug: http://bugs.python.org/issue7082

message.get_filename() in python email incorrectly looks for a "name" parameter in Content-Disposition header when it does not find a "filename" parameter. This is wrong, since there is no such defined parameter. Instead, there is a "name" parameter in Content-Type header, which ought to be checked in case the "filename" parameter in content-Disposition does not exist.

Issues:
---------

* The issue impacts the customer of our customer, hence they need an urgent fix for this.
* The fix is trivial, but may be viewed as a behaviour change and hence not recommended for RHEL-5
* The "name" parameter for Content-Type is apparently deprecated:

http://www.imc.org/ietf-822/old-archive2/msg02121.html

but a number of applications still use it (Microsoft's .Net framework) and hence needs to be supported.


Version-Release number of selected component (if applicable):
python-2.4.3-27

How reproducible:
Always


Actual results:
message.get_filename() in python email incorrectly looks for a "name" parameter in Content-Disposition header when it does not find a "filename" parameter

Expected results:
Content-Type header should be checked

Additional info:

patch:
svn co http://svn.python.org/projects/python/trunk python
svn diff -r75300:75301
Comment 9 Eva Kopalova 2010-12-20 05:20:34 EST 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The email module incorrectly implemented the logic for obtaining attachment filenames: the get_filename() fallback for using the deprecated "name" parameter of the "Content-Type" header erroneously used the "Content-Disposition" header. This update backports a fix from Python 2.6, which resolves this issue.
Comment 11 errata-xmlrpc 2011-01-13 18:10:29 EST 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0027.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.