diff options
author | Mark Sapiro <mark@msapiro.net> | 2021-10-18 16:56:42 -0700 |
---|---|---|
committer | Mark Sapiro <mark@msapiro.net> | 2021-10-18 16:56:42 -0700 |
commit | 5ea7ee4e955d96177e461b0a1f2c2be04df12ea8 (patch) | |
tree | ade915f7858d465fa9d837d385b1b4db5704d949 /NEWS | |
parent | e5cc9a25db87802b300834a890d0c5e274deaf6d (diff) | |
download | mailman2-5ea7ee4e955d96177e461b0a1f2c2be04df12ea8.tar.gz mailman2-5ea7ee4e955d96177e461b0a1f2c2be04df12ea8.tar.xz mailman2-5ea7ee4e955d96177e461b0a1f2c2be04df12ea8.zip |
Fixes for CVEs 2021-42096 and 2021-42097.
Diffstat (limited to '')
-rw-r--r-- | NEWS | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -5,7 +5,17 @@ Copyright (C) 1998-2020 by the Free Software Foundation, Inc. Here is a history of user visible changes to Mailman. -2.1.35 (xx-xxx-xxxx) +2.1.35 (19-Oct-2021) + + Security + + - A potential for for a list member to carry out an off-line brute force + attack to obtain the list admin password has been reported by Andre + Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. + CVE-2021-42096 (LP:#1947639) + + - A CSRF attack via the user options page could allow takeover of a users + account. This is fixed. CVE-2021-42097 (LP:#1947640) Bug Fixes and other patches |