[Pkg-mailman-hackers] Bug#1003242: Versions ...
Peter Chubb
peter.chubb at unsw.edu.au
Thu Jan 6 21:51:00 GMT 2022
I think the issue is that python3-django-hyperkitty 1.3.5-1 has this
change:
Pass the secret archiver key in a HTTP Authorization header
instead of a GET query parameter so it doesn’t appear in
logs. (CVE-2021-35058, Closes #387)
See also:
https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/thread/WSUEPQL6PX52Y7XVWYSSGJJXC7E3F6FG/
So to upgrade to python3-django-hyperkitty 1.3.5-1 you must also
upgrade python3-mailman-hyperkitty to 1.2.0; version 1.1.10 should
conflict with python3-django-hyperkitty versions < 1.3.5
--
Dr Peter Chubb https://trustworthy.systems/
Trustworthy Systems Group CSE, UNSW
More information about the Pkg-mailman-hackers
mailing list