Acknowledgement sent
to Peter Chubb <peter.chubb@unsw.edu.au>:
New Bug report received and forwarded. Copy sent to Debian Mailman Team <pkg-mailman-hackers@lists.alioth.debian.org>.
(Sun, 05 Sep 2021 21:33:03 GMT).
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: python3-django-postorius: CVE-2021-40347 New upstream to fix security bug
Date: Mon, 06 Sep 2021 07:28:39 +1000
Package: python3-django-postorius
Version: 1.3.4-2
Severity: important
Tags: upstream
Dear Maintainer,
There is a new upstream (and patches to this version) available, to address
security issue CVE-2021-40347. This vulnerability allows any logged-in user
to unsubscribe any user from any list.
Version 1.3.5 fixes the issue; plus a patch was posted to the
mailman3 mailing list.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-8-cloud-amd64 (SMP w/1 CPU thread)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages python3-django-postorius depends on:
ii fonts-glyphicons-halflings 1.009~3.4.1+dfsg-2
ii libjs-bootstrap4 4.5.2+dfsg1-8
ii libjs-jquery 3.5.1+dfsg+~3.5.5-7
ii libjs-sphinxdoc 3.5.4-2
ii node-html5shiv 3.7.3+dfsg-3
ii python3 3.9.2-3
ii python3-cmarkgfm 0.4.2-1+b3
ii python3-django 2:2.2.24-1
ii python3-django-mailman3 1.3.5-2
ii python3-mailmanclient 3.3.2-1
ii python3-readme-renderer 24.0-3
ii sphinx-rtd-theme-common 0.5.1+dfsg-1
Versions of packages python3-django-postorius recommends:
ii mailman3-web 0+20200530-2
python3-django-postorius suggests no packages.
-- no debconf information
Bug reassigned from package 'python3-django-postorius' to 'src:1.3.4-2'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 06 Sep 2021 12:54:02 GMT).
No longer marked as found in versions postorius/1.3.4-2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 06 Sep 2021 12:54:02 GMT).
Added tag(s) fixed-upstream and security.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 06 Sep 2021 12:54:03 GMT).
Marked as found in versions 1.3.4-2/1.2.4-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 06 Sep 2021 12:54:03 GMT).
Bug reassigned from package 'src:1.3.4-2' to 'src:postorius'.
Request was from Jonas Meurer <jonas@freesources.org>
to control@bugs.debian.org.
(Thu, 09 Sep 2021 11:48:04 GMT).
No longer marked as found in versions 1.3.4-2/1.2.4-1.
Request was from Jonas Meurer <jonas@freesources.org>
to control@bugs.debian.org.
(Thu, 09 Sep 2021 11:48:04 GMT).
Marked as found in versions postorius/1.3.4-2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 09 Sep 2021 12:00:05 GMT).
Marked as found in versions postorius/1.2.4-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 09 Sep 2021 12:00:07 GMT).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Mailman Team <pkg-mailman-hackers@lists.alioth.debian.org>: Bug#993746; Package src:postorius.
(Sun, 15 Oct 2023 11:45:02 GMT).
Acknowledgement sent
to Boud Roukema <bouddebbug@cosmo.torun.pl>:
Extra info received and forwarded to list. Copy sent to Debian Mailman Team <pkg-mailman-hackers@lists.alioth.debian.org>.
(Sun, 15 Oct 2023 11:45:02 GMT).