UbuntuUpdates.org

Package "mailman"

Name: mailman

Description:

Web-based mailing list manager (legacy branch)

Latest version: 1:2.1.29-1ubuntu3.1
Release: focal (20.04)
Level: updates
Repository: universe
Homepage: http://www.list.org/

Other versions of "mailman" in Focal

Repository   Area       Version
base         universe   1:2.1.29-1ubuntu3
security     universe   1:2.1.29-1ubuntu3.1

Changelog

Version: 1:2.1.29-1ubuntu3.1 2021-11-01 13:06:23 UTC

  mailman (1:2.1.29-1ubuntu3.1) focal-security; urgency=medium

  * SECURITY UPDATE: Potential Privilege escalation via the user
    options page. (LP: #1947639)
    - debian/patches/CVE-2021-42096-CVE-2021-42097.patch: Always make
      the CSRF token for the user
    - CVE-2021-42096
  * SECURITY UPDATE: Potential CSRF attack via the user options page
    (LP: #1947640)
    - debian/patches/CVE-2021-42096-CVE-2021-42097.patch: ensure token
      is for the user whose option page is being requested
    - CVE-2021-42097
  * SECURITY UPDATE: Arbitrary Content Injection
    - debian/patches/CVE-2020-12108.diff: removed
      safeusers variable that allows arbitrary content
      to be injected in Mailman/Cgi/options.py.
    - debian/patches/CVE-2020-15011.diff: checks if
      roster private, if so log the info in Mailman/Cgi/private.py.
    - CVE-2020-12108
    - CVE-2020-15011
  * SECURITY UPDATE: XSS vulnerability
    - debian/patches/CVE-2020-12137.diff: use .bin extension
      for scrubbed application/octet-stream files in
      Mailman/Handlers/Scrubber.py.
    - CVE-2020-12137

 -- Paulo Flabiano Smorigo <email address hidden> Tue, 26 Oct 2021 17:47:22 +0000

1947639 Potential Privilege escalation via the user options page.
1947640 Potential CSRF attack via the user options page.
CVE-2021-42096 GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in
CVE-2021-42097 GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain
CVE-2020-12108 /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
CVE-2020-15011 GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
CVE-2020-12137 GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks a
