aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Mailman/Version.py4
-rw-r--r--NEWS10
2 files changed, 7 insertions, 7 deletions
diff --git a/Mailman/Version.py b/Mailman/Version.py
index 36ac9c11..a3828e4b 100644
--- a/Mailman/Version.py
+++ b/Mailman/Version.py
@@ -16,7 +16,7 @@
# USA.
# Mailman version
-VERSION = '2.1.35'
+VERSION = '2.1.36'
# And as a hex number in the manner of PY_VERSION_HEX
ALPHA = 0xa
@@ -28,7 +28,7 @@ FINAL = 0xf
MAJOR_REV = 2
MINOR_REV = 1
-MICRO_REV = 35
+MICRO_REV = 36
REL_LEVEL = FINAL
# at most 15 beta releases!
REL_SERIAL = 0
diff --git a/NEWS b/NEWS
index 184f968b..9614c1dd 100644
--- a/NEWS
+++ b/NEWS
@@ -5,17 +5,17 @@ Copyright (C) 1998-2020 by the Free Software Foundation, Inc.
Here is a history of user visible changes to Mailman.
-2.1.36 (xx-Nov-2021)
+2.1.36 (12-Nov-2021)
Security
- A potential XSS attack via the user options page has been reported by
- Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP:#1949401)
+ Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)
- A potential for for a list moderator to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
- CVE-2021-43332 (LP:#1949403)
+ CVE-2021-43332 (LP: #1949403)
2.1.35 (19-Oct-2021)
@@ -24,10 +24,10 @@ Here is a history of user visible changes to Mailman.
- A potential for for a list member to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
- CVE-2021-42096 (LP:#1947639)
+ CVE-2021-42096 (LP: #1947639)
- A CSRF attack via the user options page could allow takeover of a users
- account. This is fixed. CVE-2021-42097 (LP:#1947640)
+ account. This is fixed. CVE-2021-42097 (LP: #1947640)
Bug Fixes and other patches