Package "python3-django-postorius"

Name: python3-django-postorius


Web user interface to access GNU Mailman3

Latest version: 1.3.4-1ubuntu0.1
Release: hirsute (21.04)
Level: security
Repository: universe
Head package: postorius
Homepage: https://gitlab.com/mailman/postorius


Download "python3-django-postorius"

Other versions of "python3-django-postorius" in Hirsute

Repository Area Version
base universe 1.3.4-1
updates universe 1.3.4-1ubuntu0.1


Version: 1.3.4-1ubuntu0.1 2021-11-24 17:07:20 UTC

  postorius (1.3.4-1ubuntu0.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: Sensitive Information Disclosure
    - debian/patches/CVE-2021-40347.patch: Check a user owns the email
    they are trying to unsubscribe.
    - CVE-2021-40347

 -- Paulo Flabiano Smorigo <email address hidden> Tue, 23 Nov 2021 14:29:24 +0000

CVE-2021-40347 An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request

About   -   Send Feedback to @ubuntu_updates