Subject: CVS commit: [pkgsrc-2021Q3] pkgsrc/mail/mailman
From: Thomas Merkel
Date: 2021-11-20 22:50:39
Message id: 20211120215039.CE14BFAEC@cvs.NetBSD.org
Log Message:
Pullup ticket #6534 - requested by bsiegert
mail/mailman: security fix
Revisions pulled up:
- mail/mailman/Makefile 1.95
- mail/mailman/PLIST 1.31
- mail/mailman/distinfo 1.31
---
Module Name: pkgsrc
Committed By: tm
Date: Tue Oct 26 18:42:55 UTC 2021
Modified Files:
pkgsrc/mail/mailman: Makefile PLIST distinfo
Log Message:
mail/mailman: Update to 2.1.35
2.1.35 (19-Oct-2021)
Security
- A potential for a list member to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-2021-42096 (LP:#1947639)
- A CSRF attack via the user options page could allow takeover of a user's
account. This is fixed. CVE-2021-42097 (LP:#1947640)
Bug Fixes and other patches
- Fixed an issue where sometimes the wrapper message for DMARC mitigation
Wrap Message has no Subject:. (LP: #1915655)
- Plain text message bodies with Content-Disposition: and no declared
charset are no longer scrubbed. (LP: #1917968)
- CommandRunner now recodes message bodies in the charset of the user's
or list's language to avoid a possible UnicodeError when including the
message body in the reply. (LP: #1921682)
- Delivery disabled by bounce notices to admins now have 'disabled'
properly translated. (LP: #1922843)
- DMARC policy discovery ignores domains with multiple DMARC records per
RFC 7849. (LP: 1931029)