UbuntuUpdates.org

Package "python-django-postorius"

Name: python-django-postorius

Description:

Web user interface to access GNU Mailman3

Latest version: 1.1.2-3ubuntu0.1
Release: bionic (18.04)
Level: security
Repository: universe
Head package: postorius
Homepage: https://gitlab.com/mailman/postorius

Links


Download "python-django-postorius"


Other versions of "python-django-postorius" in Bionic

Repository Area Version
updates universe 1.1.2-3ubuntu0.1

Changelog

Version: 1.1.2-3ubuntu0.1 2021-11-24 17:07:16 UTC

  postorius (1.1.2-3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Sensitive Information Disclosure
    - debian/patches/CVE-2021-40347.patch: Check a user owns the email
    they are trying to unsubscribe.
    - CVE-2021-40347

 -- Paulo Flabiano Smorigo <email address hidden> Tue, 23 Nov 2021 14:38:22 +0000

CVE-2021-40347 An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request



About   -   Send Feedback to @ubuntu_updates