From a306294cf9e4d4a4ded2c840f9a1ce8ba412b6a7 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Tue, 30 Nov 2021 09:50:49 -0800 Subject: Block CSRF attack against admin or admindb pages. --- NEWS | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 8b874ee2..6e29cf46 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,12 @@ Copyright (C) 1998-2020 by the Free Software Foundation, Inc. Here is a history of user visible changes to Mailman. -2.1.38 (xx-xxx-xxxx) +2.1.38 (30-Nov-2021) + + Security + + - A potential CSRF attack against a list admin from a list member or + moderator has been blocked. CVE-2021-44227 (LP: #1952384) Bug Fixes and other patches -- cgit v1.2.3
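Review bot: The new Security entry under 2.1.38 does not say which pages are affected. The commit subject names the admin and admindb pages, and the NEWS text should as well, so that a site operator reading only NEWS can tell what was exposed; for example, "A potential CSRF attack against a list admin's admin or admindb pages from a list member or moderator has been blocked." This view is limited to NEWS, so the code change behind the entry is not visible here and has to be reviewed from the full commit.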