aboutsummaryrefslogtreecommitdiffstats
path: root/NEWS
diff options
context:
space:
mode:
authorMark Sapiro <mark@msapiro.net>2021-10-18 16:56:42 -0700
committerMark Sapiro <mark@msapiro.net>2021-10-18 16:56:42 -0700
commit5ea7ee4e955d96177e461b0a1f2c2be04df12ea8 (patch)
treeade915f7858d465fa9d837d385b1b4db5704d949 /NEWS
parente5cc9a25db87802b300834a890d0c5e274deaf6d (diff)
downloadmailman2-5ea7ee4e955d96177e461b0a1f2c2be04df12ea8.tar.gz
mailman2-5ea7ee4e955d96177e461b0a1f2c2be04df12ea8.tar.xz
mailman2-5ea7ee4e955d96177e461b0a1f2c2be04df12ea8.zip
Fixes for CVEs 2021-42096 and 2021-42097.
Diffstat (limited to '')
-rw-r--r--NEWS12
1 files changed, 11 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 31c6925b..86b09d70 100644
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,17 @@ Copyright (C) 1998-2020 by the Free Software Foundation, Inc.
Here is a history of user visible changes to Mailman.
-2.1.35 (xx-xxx-xxxx)
+2.1.35 (19-Oct-2021)
+
+ Security
+
+ - A potential for for a list member to carry out an off-line brute force
+ attack to obtain the list admin password has been reported by Andre
+ Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
+ CVE-2021-42096 (LP:#1947639)
+
+ - A CSRF attack via the user options page could allow takeover of a users
+ account. This is fixed. CVE-2021-42097 (LP:#1947640)
Bug Fixes and other patches