Back to mailman PTS page

Accepted mailman 1:2.1.29-1+deb10u5 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 26 Feb 2022 20:17:25 +0100
Source: mailman
Architecture: source
Version: 1:2.1.29-1+deb10u5
Distribution: buster
Urgency: medium
Maintainer: Mailman for Debian <pkg-mailman-hackers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1001685
Changes:
 mailman (1:2.1.29-1+deb10u5) buster; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * CSRF check for user tokens should not be case sensitive (Closes: #1001685)
     - The fix for CVE-2021-42097 requires that the user submitting a
       user options form match the user in the CSRF token submitted with
       the form, but the match is case sensitive and should not be.
     - There is also a potential NameError exception in logging a
       mismatch.
Checksums-Sha1: 
 841b7760a07a57924498f487647a00c5d15db69a 2238 mailman_2.1.29-1+deb10u5.dsc
 3b1248697bbf917fa0c43e569c029d1e91482f54 102960 mailman_2.1.29-1+deb10u5.debian.tar.xz
Checksums-Sha256: 
 693ad825ae81c26831dfea70232273337aea7f9762505b87c1d209118c2d4259 2238 mailman_2.1.29-1+deb10u5.dsc
 a2f7c31604ea69dcc7d612e3523992efd72465ae4e0af61fe49bb473e8981523 102960 mailman_2.1.29-1+deb10u5.debian.tar.xz
Files: 
 ae655347b5fb573b833c105c751eb81e 2238 mail optional mailman_2.1.29-1+deb10u5.dsc
 1eafbb67653ccf1585cd0b7dc8f893e2 102960 mail optional mailman_2.1.29-1+deb10u5.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIahVdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EGYwQAJYzSwGMoXmZa76idNzFOMR5r5M0Kt8s
/3uTVtG0kqt94aDYkfdD0guEUIvayS76DvHTkkWwvprdpokqCBNyKt2l0S+eSVLi
gWIObAH0169WGQdbnGbZTKf+/+gxegF7FV7zUqnva3/KG0kK2+auVE2f2khmc/dY
RV5Aop1rlQanqqLuE37oJRivFDEQcPzJRZDYcyZY/wXuvUDdrOW6TX9j/jcvASRp
JiEbaZJlTElwxGSGi9zMcSe8kjTveF7lRp2f5Fb3BHqpzl+EDV6orhT1q0DwHVDB
ct68zhfTytpap1h+DjkNfN8IkDLrIqJXrWdUVpXNycnBehgIielyK7I56egcbihQ
GePSdqEZYIMlsurK63+sP3R50lMe0vk7bkgn9E4QPD+0n8wHSmtlQ7nvRh0UydW7
DZ1qThFxYo121Q64s1mJgbKta9jYJHQpuECPFi4v8W/G/nTn6ryoN/7L/U2Tf3px
M0PO3lbtOFOHbq4OFpeUuMmINQ+pwD8RUqGgVDOtFscsrzKqK1SyMjKNMws5BYi7
OfLOBpZzw7lOSPv4lO32s0RmmN07bX7LTzp/qNq0eG72zQKHvucDZzTmU5Go7u8o
IxXOLa8YjIZOxW8kXqmN+N55lMqU0oDByDA7KUbuwwxuX5TtD+mD0r9sutFH+b1S
HZZCRelxuNVM
=1Qk+
-----END PGP SIGNATURE-----