mailman 1:2.1.29-1+deb10u5 source package in Debian
Changelog
mailman (1:2.1.29-1+deb10u5) buster; urgency=medium
* Non-maintainer upload by the Security Team.
* CSRF check for user tokens should not be case sensitive (Closes: #1001685)
- The fix for CVE-2021-42097 requires that the user submitting a
user options form match the user in the CSRF token submitted with
the form, but the match is case sensitive and should not be.
- There is also a potential NameError exception in logging a
mismatch.
-- Salvatore Bonaccorso <email address hidden> Sat, 26 Feb 2022 20:17:25 +0100
Upload details
- Uploaded by:
- Mailman for Debian
- Uploaded to:
- Buster
- Original maintainer:
- Mailman for Debian
- Architectures:
- any
- Section:
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Buster | release | main |
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| mailman_2.1.29-1+deb10u5.dsc | 2.2 KiB | 693ad825ae81c26831dfea70232273337aea7f9762505b87c1d209118c2d4259 |
| mailman_2.1.29.orig.tar.gz | 8.9 MiB | 838872713601e8a124146e550f53709482c1ef168f1e16d201465c651cbf0d2c |
| mailman_2.1.29-1+deb10u5.debian.tar.xz | 100.5 KiB | a2f7c31604ea69dcc7d612e3523992efd72465ae4e0af61fe49bb473e8981523 |
No changes file available.
