Changelog
mailman (1:2.1.29-1+deb10u5) buster; urgency=medium

  * Non-maintainer upload by the Security Team.
  * CSRF check for user tokens should not be case sensitive (Closes: #1001685)
    - The fix for CVE-2021-42097 requires that the user submitting a
      user options form match the user in the CSRF token submitted with
      the form, but the match is case sensitive and should not be.
    - There is also a potential NameError exception in logging a
      mismatch.

 -- Salvatore Bonaccorso <email address hidden>  Sat, 26 Feb 2022 20:17:25 +0100