[Git][security-tracker-team/security-tracker][master] 2 commits: Track proposed update for mailman via buster-pu
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 22 12:13:25 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e0779e8f by Salvatore Bonaccorso at 2021-11-22T13:12:23+01:00
Track proposed update for mailman via buster-pu
- - - - -
1137946c by Salvatore Bonaccorso at 2021-11-22T13:12:55+01:00
Add tracking bug for CVE-2021-4333{1,2}/mailman
- - - - -
2 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2803,13 +2803,13 @@ CVE-2021-43334
CVE-2021-43333
RESERVED
CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...)
- - mailman <removed>
+ - mailman <removed> (bug #1000367)
[buster] - mailman <no-dsa> (Minor issue)
[stretch] - mailman <no-dsa> (Minor issue)
NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
NOTE: https://bugs.launchpad.net/mailman/+bug/1949403
CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user ...)
- - mailman <removed>
+ - mailman <removed> (bug #1000367)
[buster] - mailman <no-dsa> (Minor issue)
[stretch] - mailman <no-dsa> (Minor issue)
NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -88,3 +88,7 @@ CVE-2019-1010319
[buster] - wavpack 5.1.0-6+deb10u1
CVE-2021-35604
[buster] - mariadb-10.3 1:10.3.32-0+deb10u1
+CVE-2021-43331
+ [buster] - mailman 1:2.1.29-1+deb10u3
+CVE-2021-43332
+ [buster] - mailman 1:2.1.29-1+deb10u3
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/197cacb9c2e062a56af7d5b7b0697c48284c9309...1137946c9185dc40ecb36cfdecef5bca238bfe7e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/197cacb9c2e062a56af7d5b7b0697c48284c9309...1137946c9185dc40ecb36cfdecef5bca238bfe7e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211122/575afd58/attachment.htm>
More information about the debian-security-tracker-commits
mailing list