[Pkg-mailman-hackers] Bug#993746: CVE-2021-40347 seems to be fixed
Boud Roukema
bouddebbug at cosmo.torun.pl
Sun Oct 15 12:35:02 BST 2023
hi Maintainers,
* https://security-tracker.debian.org/tracker/CVE-2021-40347 says that this
bug (993746 - python3-django-postorius: CVE-2021-40347 New upstream to fix security bug)
is fixed in all versions.
A quick browse is consistent with that:
* buster patch https://salsa.debian.org/mailman-team/postorius/-/blob/debian/buster-security/debian/patches/0002-PATCH-Check-a-user-owns-the-email-they-are-trying-to.patch
* bullseye patch https://salsa.debian.org/mailman-team/postorius/-/blob/debian/bullseye-security/debian/patches/0002-PATCH-Check-a-user-owns-the-email-they-are-trying-to.patch
* bookworm/trixie/sid are at version 1.3.8-3 https://tracker.debian.org/pkg/postorius
I'm new to mailman3 (finally got the upgrade from mailman2 done), but
it looks like time to close this bug.
Cheers
Boud
More information about the Pkg-mailman-hackers
mailing list