From 9741161c4d404a1364c701813b77f81779d7f6a5 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@msapiro.net>
Date: Fri, 12 Nov 2021 15:23:52 -0800
Subject: Fix admindb for list with no mod password.

---
 Mailman/CSRFcheck.py   | 2 +-
 Mailman/Cgi/admindb.py | 3 ++-
 NEWS                   | 6 ++++++
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/Mailman/CSRFcheck.py b/Mailman/CSRFcheck.py
index 24e3e11b..4505f9d4 100644
--- a/Mailman/CSRFcheck.py
+++ b/Mailman/CSRFcheck.py
@@ -45,7 +45,7 @@ def csrf_token(mlist, contexts, user=None):
         
     for context in contexts:
         key, secret = mlist.AuthContextInfo(context, user)
-        if key:
+        if key and secret:
             break
     else:
         return None     # not authenticated
diff --git a/Mailman/Cgi/admindb.py b/Mailman/Cgi/admindb.py
index 32b0be76..45ba6492 100644
--- a/Mailman/Cgi/admindb.py
+++ b/Mailman/Cgi/admindb.py
@@ -59,7 +59,8 @@ if mm_cfg.DISPLAY_HELD_SUMMARY_SORT_BUTTONS in (SSENDERTIME, STIME):
 else:
     ssort = SSENDER
 
-AUTH_CONTEXTS = ((mm_cfg.AuthListModerator,))
+AUTH_CONTEXTS = (mm_cfg.AuthListModerator, mm_cfg.AuthListAdmin,
+                 mm_cfg.AuthSiteAdmin)
 
 
 
diff --git a/NEWS b/NEWS
index 9614c1dd..3ccc4c76 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,12 @@ Copyright (C) 1998-2020 by the Free Software Foundation, Inc.
 
 Here is a history of user visible changes to Mailman.
 
+2.1.37 (12-Nov-2021)
+
+  Bug Fixes and other patches
+
+    - A bug in the fix for CVE-2021-43332 has neen fixed.  (LP: #1950833)
+
 2.1.36 (12-Nov-2021)
 
   Security
-- 
cgit v1.2.3