[Pkg-mailman-hackers] Bug#989183: CVE-2021-33038
Moritz Muehlenhoff
jmm at inutil.org
Fri May 28 13:58:46 BST 2021
On Fri, May 28, 2021 at 02:14:34PM +0200, Jonas Meurer wrote:
> Hey Moritz,
>
> Moritz Muehlenhoff wrote:
> > On Fri, May 28, 2021 at 11:06:31AM +0200, Jonas Meurer wrote:
> > > Moritz Muehlenhoff wrote:
> > > > This was assigned CVE-2021-33038:
> > > > https://gitlab.com/mailman/hyperkitty/-/issues/380
> > > >
> > > > Patch is here:
> > > > https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
> > >
> > > Thanks a lot for reporting the security bug!
> > >
> > > I'll upload hyperkitty 1.3.4-4 in a few minutes with the patch applied. Will
> > > open an unblock request for Bullseye as soon as the package hits the archive.
> > >
> > > Do you want to take care of preparing an upload to buster-security or shall
> > > I prepare that one as well?
> >
> > Please do! Version number should be 1.2.2-1+deb10u1
>
> Done now. The sources for 1.2.2-1+deb10u1 can be found here:
>
> https://salsa.debian.org/mailman-team/hyperkitty/-/tree/debian/buster-security
>
> Will you handle the upload or shall I upload to buster-security as well?
Thanks! Update looks fine, please upload to security-security.
I'll release the DSA later this evening or tomorrow.
Cheers,
Moritz