[ubuntu/bionic-security] mailman 1:2.1.26-1ubuntu0.4 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Fri Oct 22 04:29:57 UTC 2021
mailman (1:2.1.26-1ubuntu0.4) bionic-security; urgency=medium
* SECURITY UPDATE: Potential Privilege escalation via the user
options page. (LP: #1947639)
- debian/patches/CVE-2021-42096-CVE-2021-42097.patch: Always make
the CSRF token for the user
- CVE-2021-42096
* SECURITY UPDATE: Potential CSRF attack via the user options page
(LP: #1947640)
- debian/patches/CVE-2021-42096-CVE-2021-42097.patch: ensure token
is for the user whose option page is being requested
- CVE-2021-42097
Date: 2021-10-21 22:39:10.548504+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/mailman/1:2.1.26-1ubuntu0.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list