mailman 1:2.1.29-1ubuntu3.1 source package in Ubuntu
Changelog
mailman (1:2.1.29-1ubuntu3.1) focal-security; urgency=medium

  * SECURITY UPDATE: Potential Privilege escalation via the user options page. (LP: #1947639)
    - debian/patches/CVE-2021-42096-CVE-2021-42097.patch: Always make the CSRF token for the user
    - CVE-2021-42096
  * SECURITY UPDATE: Potential CSRF attack via the user options page (LP: #1947640)
    - debian/patches/CVE-2021-42096-CVE-2021-42097.patch: ensure token is for the user whose option page is being requested
    - CVE-2021-42097
  * SECURITY UPDATE: Arbitrary Content Injection
    - debian/patches/CVE-2020-12108.diff: removed safeusers variable that allows arbitrary content to be injected in Mailman/Cgi/options.py.
    - debian/patches/CVE-2020-15011.diff: checks if roster private, if so log the info in Mailman/Cgi/private.py.
    - CVE-2020-12108
    - CVE-2020-15011
  * SECURITY UPDATE: XSS vulnerability
    - debian/patches/CVE-2020-12137.diff: use .bin extension for scrubbed application/octet-stream files in Mailman/Handlers/Scrubber.py.
    - CVE-2020-12137

 -- Paulo Flabiano Smorigo <email address hidden>  Tue, 26 Oct 2021 17:47:22 +0000
Upload details
- Uploaded by: Paulo Flabiano Smorigo
- Uploaded to: Focal
- Original maintainer: Ubuntu Developers
- Architectures: any
- Section:
- Urgency: Medium Urgency
Publishing
Series | Published | Component | Section |
---|---|---|---|
Focal | updates | universe | |
Focal | security | universe | |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
mailman_2.1.29.orig.tar.gz | 8.9 MiB | 838872713601e8a124146e550f53709482c1ef168f1e16d201465c651cbf0d2c |
mailman_2.1.29-1ubuntu3.1.debian.tar.xz | 100.0 KiB | 66231c52f7717f84aecee108d53508c2be2072149206e0ee70f6a3b7e82c4924 |
mailman_2.1.29-1ubuntu3.1.dsc | 2.2 KiB | 5ba2cc4bbde7912ae7ac21825cf1098038f5869879862162184f25e143e7a6ba |
Binary packages built by this source
- mailman: Web-based mailing list manager (legacy branch)
  The GNU Mailing List Manager, which manages email discussion lists.
  Mailman gives each mailing list a web page, and allows users to
  subscribe, unsubscribe, etc. over the web. The list manager can
  administer his or her list entirely from the web.

  Mailman also integrates most things people want to do with mailing
  lists, including archiving, mail <-> news gateways, and so on. It
  has all of the features you expect from such a product, plus
  integrated support for the web (including web based archiving),
  automated bounce handling and integrated spam prevention.

  Note that this package contains the legacy (2.x) branch of Mailman.
  All new development happens in the Mailman 3 suite, available in
  Debian via the mailman3 metapackage.
- mailman-dbgsym: debug symbols for mailman