[Pkg-mailman-hackers] Bug#989183: CVE-2021-33038
Jonas Meurer
jonas at freesources.org
Fri May 28 17:50:24 BST 2021
Hey Moritz,
Moritz Muehlenhoff wrote:
>>>>> This was assigned CVE-2021-33038:
>>>>> https://gitlab.com/mailman/hyperkitty/-/issues/380
>>>>>
>>>>> Patch is here:
>>>>> https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
>>>>
>>>> Thanks a lot for reporting the security bug!
>>>>
>>>> I'll upload hyperkitty 1.3.4-4 in a few minutes with the patch applied. Will
>>>> open an unblock request for Bullseye as soon as the package hit the archive.
>>>>
>>>> Do you want to take care of preparing an upload to buster-security or shall
>>>> I prepare that one as well?
>>>
>>> Please do! Version number should be 1.2.2-1+deb10u1
>>
>> Done now. The sources for 1.2.2-1+deb10u1 can be found hier:
>>
>> https://salsa.debian.org/mailman-team/hyperkitty/-/tree/debian/buster-security
>>
>> Will you handle the upload or shall I upload to buster-security as well?
>
> Thanks! Update looks fine, please upload to security-security.
>
> I'll release the DSA later the evening or tomorrow.
Great, I just uploaded hyperkitty 1.2.2-1+deb10u1 targeting
buster-security to security-master. Hope that I didn't miss anything.
Cheers
jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-mailman-hackers/attachments/20210528/eb3602fe/attachment.sig>
More information about the Pkg-mailman-hackers
mailing list