[DRE-maint] Bug#1068335: schleuder: might send reply to wrong email address in case a subscriber shares a key with an admin
Georg Faerber
georg at debian.org
Wed Apr 3 14:50:07 BST 2024
Package: schleuder
Version: 4.0.3-7
Forwarded: https://0xacab.org/schleuder/schleuder/-/issues/531
Tags: bookworm fixed-upstream security upstream
In case of multiple subscriptions which rely on the same key, Schleuder
might send a reply to a wrong email address, i.e. an address which is
different from the incoming one as per the From: header.
More information about the Pkg-ruby-extras-maintainers
mailing list