Publishing details

• Published on 2022-03-26

Changelog

mailman (1:2.1.29-1+deb10u5) buster; urgency=medium

  * Non-maintainer upload by the Security Team.
  * CSRF check for user tokens should not be case sensitive (Closes: #1001685)
    - The fix for CVE-2021-42097 requires that the user submitting a
      user options form match the user in the CSRF token submitted with
      the form, but the match is case sensitive and should not be.
    - There is also a potential NameError exception in logging a
      mismatch.

 -- Salvatore Bonaccorso <email address hidden>  Sat, 26 Feb 2022 20:17:25 +0100

Builds

Package files

• mailman_2.1.29-1+deb10u5.debian.tar.xz (100.5 KiB)
• mailman_2.1.29-1+deb10u5.dsc (2.2 KiB)
• mailman_2.1.29.orig.tar.gz (8.9 MiB)