[Pkg-mailman-hackers] Bug#989183: CVE-2021-33038
Jonas Meurer
jonas at freesources.org
Fri May 28 13:14:34 BST 2021
Hey Moritz,
Moritz Muehlenhoff wrote:
> On Fri, May 28, 2021 at 11:06:31AM +0200, Jonas Meurer wrote:
>> Moritz Muehlenhoff wrote:
>>> This was assigned CVE-2021-33038:
>>> https://gitlab.com/mailman/hyperkitty/-/issues/380
>>>
>>> Patch is here:
>>> https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
>>
>> Thanks a lot for reporting the security bug!
>>
>> I'll upload hyperkitty 1.3.4-4 in a few minutes with the patch applied. Will
>> open an unblock request for Bullseye as soon as the package hit the archive.
>>
>> Do you want to take care of preparing an upload to buster-security or shall
>> I prepare that one as well?
>
> Please do! Version number should be 1.2.2-1+deb10u1
Done now. The sources for 1.2.2-1+deb10u1 can be found hier:
https://salsa.debian.org/mailman-team/hyperkitty/-/tree/debian/buster-security
Will you handle the upload or shall I upload to buster-security as well?
Kind regards
jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-mailman-hackers/attachments/20210528/821f0113/attachment.sig>
More information about the Pkg-mailman-hackers
mailing list