GNU Mailman 2.1.36

Milestone information

Project:
GNU Mailman
Series:
2.1
Version:
2.1.36
Released:
 
Registrant:
Mark Sapiro
Release registered:
Active:
Yes. Drivers can target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
2 Mark Sapiro
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
2 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon mailman-2.1.36.tgz (md5, sig) Release tarball 74
last downloaded 5 days ago
Total downloads: 74

Release notes 

2.1.36 (12-Nov-2021)

  Security

    - A potential XSS attack via the user options page has been reported by
      Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)

    - A potential for for a list moderator to carry out an off-line brute force
      attack to obtain the list admin password has been reported by Andre
      Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
      CVE-2021-43332 (LP: #1949403)

Changelog 

This release does not have a changelog.

0 blueprints and 2 bugs targeted

Bug report Importance Assignee Status
1949401 #1949401 Potential XSS attack via the user options page. 4 Medium Mark Sapiro  10 Fix Released
1949403 #1949403 A vulnerability could allow a list moderator to discover the admin password. 1 Undecided Mark Sapiro  10 Fix Released
This milestone contains Public information
Everyone can see this information.