Subject: CVS commit: pkgsrc/mail/mailman
From: Thomas Merkel
Date: 2021-10-26 20:42:55
Message id: 20211026184255.9867BFA97@cvs.NetBSD.org

Log Message:
mail/mailman: Update to 2.1.35

2.1.35 (19-Oct-2021)
  Security
    - A potential for a list member to carry out an off-line brute force
      attack to obtain the list admin password has been reported by Andre
      Protas, Richard Cloke and Andy Nuttall of Apple.  This is fixed.
      CVE-2021-42096  (LP:#1947639)
    - A CSRF attack via the user options page could allow takeover of a user's
      account.  This is fixed.  CVE-2021-42097  (LP:#1947640)
  Bug Fixes and other patches
    - Fixed an issue where sometimes the wrapper message for DMARC mitigation
      Wrap Message has no Subject:.  (LP: #1915655)
    - Plain text message bodies with Content-Disposition: and no declared
      charset are no longer scrubbed.  (LP: #1917968)
    - CommandRunner now recodes message bodies in the charset of the user's
      or list's language to avoid a possible UnicodeError when including the
      message body in the reply.  (LP: #1921682)
    - Delivery disabled by bounce notices to admins now have 'disabled'
      properly translated.  (LP: #1922843)
    - DMARC policy discovery ignores domains with multiple DMARC records per
      RFC 7849.  (LP: 1931029)

Files:
Revision  Action  file
1.95      modify  pkgsrc/mail/mailman/Makefile
1.31      modify  pkgsrc/mail/mailman/PLIST
1.31      modify  pkgsrc/mail/mailman/distinfo