diff options
| -rw-r--r-- | Mailman/CSRFcheck.py | 2 | ||||
| -rw-r--r-- | Mailman/Cgi/admindb.py | 3 | ||||
| -rw-r--r-- | NEWS | 6 |
3 files changed, 9 insertions, 2 deletions
diff --git a/Mailman/CSRFcheck.py b/Mailman/CSRFcheck.py index 24e3e11b..4505f9d4 100644 --- a/Mailman/CSRFcheck.py +++ b/Mailman/CSRFcheck.py @@ -45,7 +45,7 @@ def csrf_token(mlist, contexts, user=None): for context in contexts: key, secret = mlist.AuthContextInfo(context, user) - if key: + if key and secret: break else: return None # not authenticated diff --git a/Mailman/Cgi/admindb.py b/Mailman/Cgi/admindb.py index 32b0be76..45ba6492 100644 --- a/Mailman/Cgi/admindb.py +++ b/Mailman/Cgi/admindb.py @@ -59,7 +59,8 @@ if mm_cfg.DISPLAY_HELD_SUMMARY_SORT_BUTTONS in (SSENDERTIME, STIME): else: ssort = SSENDER -AUTH_CONTEXTS = ((mm_cfg.AuthListModerator,)) +AUTH_CONTEXTS = (mm_cfg.AuthListModerator, mm_cfg.AuthListAdmin, + mm_cfg.AuthSiteAdmin) @@ -5,6 +5,12 @@ Copyright (C) 1998-2020 by the Free Software Foundation, Inc. Here is a history of user visible changes to Mailman. +2.1.37 (12-Nov-2021) + + Bug Fixes and other patches + + - A bug in the fix for CVE-2021-43332 has neen fixed. (LP: #1950833) + 2.1.36 (12-Nov-2021) Security |