[Pkg-mailman-hackers] Bug#993746: python3-django-postorius: CVE-2021-40347 New upstream to fix security bug

Peter Chubb peter.chubb at unsw.edu.au
Sun Sep 5 22:28:39 BST 2021


Package: python3-django-postorius
Version: 1.3.4-2
Severity: important
Tags: upstream

Dear Maintainer,

There is a new upstream (and patches to this version) available, to address
security issue CVE-2021-40347.  This vulnerability allows any logged-in user
to unsubscribe any user from any list.

Version 1.3.5 fixes the issue; plus a patch was posted to the 
mailman3 mailing list.



-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-cloud-amd64 (SMP w/1 CPU thread)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-django-postorius depends on:
ii  fonts-glyphicons-halflings  1.009~3.4.1+dfsg-2
ii  libjs-bootstrap4            4.5.2+dfsg1-8
ii  libjs-jquery                3.5.1+dfsg+~3.5.5-7
ii  libjs-sphinxdoc             3.5.4-2
ii  node-html5shiv              3.7.3+dfsg-3
ii  python3                     3.9.2-3
ii  python3-cmarkgfm            0.4.2-1+b3
ii  python3-django              2:2.2.24-1
ii  python3-django-mailman3     1.3.5-2
ii  python3-mailmanclient       3.3.2-1
ii  python3-readme-renderer     24.0-3
ii  sphinx-rtd-theme-common     0.5.1+dfsg-1

Versions of packages python3-django-postorius recommends:
ii  mailman3-web  0+20200530-2

python3-django-postorius suggests no packages.

-- no debconf information


