mailman 1:2.1.29-1ubuntu3.1 source package in Ubuntu

Changelog

mailman (1:2.1.29-1ubuntu3.1) focal-security; urgency=medium

  * SECURITY UPDATE: Potential Privilege escalation via the user
    options page. (LP: #1947639)
    - debian/patches/CVE-2021-42096-CVE-2021-42097.patch: Always make
      the CSRF token for the user
    - CVE-2021-42096
  * SECURITY UPDATE: Potential CSRF attack via the user options page
    (LP: #1947640)
    - debian/patches/CVE-2021-42096-CVE-2021-42097.patch: ensure token
      is for the user whose option page is being requested
    - CVE-2021-42097
  * SECURITY UPDATE: Arbitrary Content Injection
    - debian/patches/CVE-2020-12108.diff: removed
      safeusers variable that allows arbitrary content
      to be injected in Mailman/Cgi/options.py.
    - debian/patches/CVE-2020-15011.diff: checks if
      roster private, if so log the info in Mailman/Cgi/private.py.
    - CVE-2020-12108
    - CVE-2020-15011
  * SECURITY UPDATE: XSS vulnerability
    - debian/patches/CVE-2020-12137.diff: use .bin extension
      for scrubbed application/octet-stream files in
      Mailman/Handlers/Scrubber.py.
    - CVE-2020-12137

 -- Paulo Flabiano Smorigo <email address hidden>  Tue, 26 Oct 2021 17:47:22 +0000

Upload details

Uploaded by: Paulo Flabiano Smorigo
Uploaded to: Focal
Original maintainer: Ubuntu Developers
Architectures: any
Section: mail
Urgency: Medium Urgency

Publishing

Series Pocket Published Component Section
Focal updates universe mail
Focal security universe mail

Downloads

File Size SHA-256 Checksum
mailman_2.1.29.orig.tar.gz 8.9 MiB 838872713601e8a124146e550f53709482c1ef168f1e16d201465c651cbf0d2c
mailman_2.1.29-1ubuntu3.1.debian.tar.xz 100.0 KiB 66231c52f7717f84aecee108d53508c2be2072149206e0ee70f6a3b7e82c4924
mailman_2.1.29-1ubuntu3.1.dsc 2.2 KiB 5ba2cc4bbde7912ae7ac21825cf1098038f5869879862162184f25e143e7a6ba

Binary packages built by this source

mailman: Web-based mailing list manager (legacy branch)

 The GNU Mailing List Manager, which manages email discussion lists.
 Mailman gives each mailing list a web page, and allows users to
 subscribe, unsubscribe, etc. over the web. The list manager can
 administer his or her list entirely from the web.
 .
 Mailman also integrates most things people want to do with mailing
 lists, including archiving, mail <-> news gateways, and so on. It
 has all of the features you expect from such a product, plus
 integrated support for the web (including web based archiving),
 automated bounce handling and integrated spam prevention.
 .
 Note that this package contains the legacy (2.x) branch of Mailman.
 All new development happens in the Mailman 3 suite, available in
 Debian via the mailman3 metapackage.

mailman-dbgsym: debug symbols for mailman